23 matches found
LlamaIndex 安全漏洞
LlamaIndex is a data framework for LLM applications from the LlamaIndex open source. A security vulnerability exists in LlamaIndex versions 0.12.23 through 0.12.28, which stems from an unresolved symbolic link in the ObsidianReader class that could lead to arbitrary file reading...
PT-2025-25205 · Unknown · Llama Index
Name of the Vulnerable Software and Affected Versions: llama index versions 0.12.23 through 0.12.28 Description: A flaw in the ObsidianReader class allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths and does not validate whether...
Hardlink-Based Path Traversal in ObsidianReader
Overview A vulnerability has been identified in the ObsidianReader class from llamaindex.readers.obsidian. This vulnerability allows an attacker to bypass the path restriction mechanism using hardlinks , enabling unauthorized access to sensitive system files such as /etc/passwd. Affected Componen...