CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
75.5%
llama-index is vulnerable to Arbitrary Code Execution. The vulnerability exists because of the improper handling of user input in the PandasQueryEngine
function of the library, which allows an attacker to inject and execute malicious code due to the usage of the exec
function.