CVE-2024-4181

A command injection vulnerability exists in the RunGptLLM class of the llamaindex library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models LLMs. The vulnerability arises from the improper use of the eval function, allowing a malicious or compromised...

CVE-2024-4181 Command Injection in run-llama/llama_index

A command injection vulnerability exists in the RunGptLLM class of the llamaindex library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models LLMs. The vulnerability arises from the improper use of the eval function, allowing a malicious or compromised...

PT-2024-29576 · Unknown · Llama Index

Name of the Vulnerable Software and Affected Versions: llama index library version 0.9.47 Description: A command injection issue exists due to the improper use of the eval function in the RunGptLLM class, allowing a malicious LLM hosting provider to execute arbitrary commands on the client's...

LlamaIndex Code Injection Vulnerability

LlamaIndex is a data framework for LLM applications by the individual developer Jerry Liu. A code injection vulnerability exists in LlamaIndex version 0.9.47, which stems from improper use of the eval function and allows a malicious or compromised LLM hosting provider to execute arbitrary command...