2 matches found
PYSEC-2026-1564 LlamaIndex has Incomplete Documentation of Program Execution related to JsonPickleSerializer component
Incomplete Documentation of Program Execution exists in the run-llama/llamaindex library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer...
Fluentd Escape Sequence Injection Vulnerability
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...