PyPi: Llama-Index

CVE-2024-12911

Safety vulnerability ID: 76254

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Mar 20, 2025 Updated at Apr 02, 2025

Scan your Python projects for vulnerabilities →

Advisory

A vulnerability in the default_jsonalyzer function of the JSONalyzeQueryEngine in the run-llama/llama_index repository allows for SQL injection via prompt injection. This can lead to arbitrary file creation and Denial-of-Service (DoS) attacks. The vulnerability affects the latest version and is fixed in version 0.12.3.

Affected package

llama-index

Latest version: 0.12.28

Interface between LLMs and your data

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

https://github.com/advisories/GHSA-jmgm-gx32-vp4w
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12911

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application