MCP Server for Data Exploration 安全漏洞

MCP Server for Data Exploration is an MCP server for reading-plus-ai individual developers. A security vulnerability exists in MCP Data Science Server version 0.1.6 that stems from the safeeval function not restricting the builtins dictionary, which could lead to arbitrary code execution...

CVE-2025-63603

A command injection vulnerability exists in the MCP Data Science Server's reading-plus-ai/mcp-server-data-exploration 0.1.6 in the safeeval function src/mcpserverds/server.py:108. The function uses Python's exec to execute user-supplied scripts but fails to restrict the builtins dictionary in the...

CVE-2025-63603

A command injection vulnerability exists in the MCP Data Science Server's reading-plus-ai/mcp-server-data-exploration 0.1.6 in the safeeval function src/mcpserverds/server.py:108. The function uses Python's exec to execute user-supplied scripts but fails to restrict the builtins dictionary in the...

EUVD-2018-0143

Malware in sbrugna...

EUVD-2020-0010

Malware in sbrugna...

EUVD-2024-1326

Malicious code in bioql PyPI...

Command Injection

llamaindex is vulnerable to Command Injection. The vulnerability is due to insufficient input validation in the safeeval function, allowing attackers to craft inputs that execute arbitrary OS commands without containing underscores, thus bypassing security checks...

llama-index-core Command Injection vulnerability

A command injection vulnerability exists in the run-llama/llamaindex repository, specifically within the safeeval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code. This is achieved by...

GHSA-R6GP-RFF2-P3HF llama-index-core Command Injection vulnerability

A command injection vulnerability exists in the run-llama/llamaindex repository, specifically within the safeeval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code. This is achieved by...

CVE-2024-3271

A command injection vulnerability exists in the run-llama/llamaindex repository, specifically within the safeeval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code. This is achieved by...

CVE-2024-3271 Command Injection in run-llama/llama_index

A command injection vulnerability exists in the run-llama/llamaindex repository, specifically within the safeeval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code. This is achieved by...

CVE-2024-3271 Command Injection in run-llama/llama_index

A command injection vulnerability exists in the run-llama/llamaindex repository, specifically within the safeeval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code. This is achieved by...

CVE-2024-3271

CVE-2024-3271 affects the run-llama/llama_index project, specifically the safe_eval function. The issue allows command execution via crafted input that bypasses the underscore check in code produced by LLMs, enabling remote code execution on the server. Connected sources corroborate a command-inj...

CVE-2024-3098 Prompt Injection leading to Arbitrary Code Execution in run-llama/llama_index

A vulnerability was identified in the executils class of the llamaindex package, specifically within the safeeval function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method...

CVE-2024-3098

Summary: CVE-2024-3098 affects the llama_index package, specifically the exec_utils.safe_eval function. The issue enables prompt injection that can lead to arbitrary code execution due to insufficient input validation, effectively bypassing prior constraints (CVE-2023-39662). A validated PoC demo...

CVE-2024-3098 Prompt Injection leading to Arbitrary Code Execution in run-llama/llama_index

A vulnerability was identified in the executils class of the llamaindex package, specifically within the safeeval function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method...

Ansible Code Injection Vulnerability

The safeeval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657...

GHSA-66C7-5PWV-MM3J Ansible Code Injection Vulnerability

The safeeval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657...

GHSA-QG47-5PX9-32G7 Ansible Remote Code Execution

The safeeval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions...

Ansible Remote Code Execution

The safeeval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions...