5 matches found
CVE-2025-3225
The CVE-2025-3225 issue affects the run-llama/llama_index project, specifically its sitemap parser, where an XML Entity Expansion (billion laughs) vulnerability exists in version v0.12.21. This can be triggered by a malicious Sitemap XML to cause Denial of Service via memory exhaustion, potential...
CVE-2025-3225 XML Entity Expansion vulnerability in run-llama/llama_index
An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llamaindex repository, specifically affecting version v0.12.21. This vulnerability allows an attacker to supply a malicious Sitemap XML, leading to a Denial of Service DoS...
CVE-2025-1793
Multiple vector store integrations in run-llama/llamaindex version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index...
CVE-2025-1793 SQL Injection in run-llama/llama_index
Multiple vector store integrations in run-llama/llamaindex version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index...
CVE-2025-1793
CVE-2025-1793 involves multiple vector store integrations in run-llama/llama_index v0.12.21 with SQL injection (CWE-89). The vulnerability allows reading/writing data via SQL, potentially exposing data of other users depending on llama_index usage. Public documents provide concrete details across...