Safety vulnerability ID: 71792
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Affected versions of the llama_index package are vulnerable to Command Injection due to insufficient validation in the safe_eval function in the exec_utils.py module. The DunderVisitor class used by safe_eval checks identifiers only for underscores while still permitting dangerous builtins such as getattr and hasattr, which can be used to reach restricted functionality and execute operating system commands.
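The weakness described above is an identifier-based denylist: an expression sandbox that looks only at the spelling of names cannot stop a permitted builtin from reaching the same objects the denylist was meant to hide. The following is an added, constructed example (not llama_index's own code) that places a minimal re-creation of such a check beside an allowlist-based validator. The `DunderVisitor` here is an assumption modelled on the advisory's description (it flags only identifiers containing `__`); the `ALLOWED_BUILTINS`, `ALLOWED_NODES` and `safe_eval_hardened` names are hypothetical and exist only for this demonstration.

```python
import ast
import builtins
from typing import Iterable, List, Optional

# --- Weak check, modelled on the advisory's description (assumption) ---------
class DunderVisitor(ast.NodeVisitor):
    """Flags identifiers and attributes containing '__' and nothing else.
    Builtins such as getattr/hasattr pass because their names have no
    underscores, which is the gap the advisory describes."""

    def __init__(self) -> None:
        self.has_dunder = False

    def visit_Name(self, node: ast.Name) -> None:
        if "__" in node.id:
            self.has_dunder = True
        self.generic_visit(node)

    def visit_Attribute(self, node: ast.Attribute) -> None:
        if "__" in node.attr:
            self.has_dunder = True
        self.generic_visit(node)


def weak_check(expr: str) -> bool:
    """True when the weak visitor would let the expression through."""
    visitor = DunderVisitor()
    visitor.visit(ast.parse(expr, mode="eval"))
    return not visitor.has_dunder


# --- Hardened check: allowlist of names and of syntax (hypothetical) ----------
ALLOWED_BUILTINS = frozenset({"abs", "min", "max", "sum", "len", "round", "sorted"})

ALLOWED_NODES = (
    ast.Expression, ast.Constant, ast.Name, ast.Load, ast.Call,
    ast.BinOp, ast.UnaryOp, ast.BoolOp, ast.Compare, ast.IfExp,
    ast.Tuple, ast.List, ast.Subscript, ast.Slice,
    ast.Add, ast.Sub, ast.Mult, ast.Div, ast.FloorDiv, ast.Mod, ast.Pow,
    ast.USub, ast.UAdd, ast.Not, ast.And, ast.Or,
    ast.Eq, ast.NotEq, ast.Lt, ast.LtE, ast.Gt, ast.GtE, ast.In, ast.NotIn,
)


class AllowlistValidator(ast.NodeVisitor):
    """Rejects any node type, name or call shape that is not explicitly allowed.
    Attribute access is not in ALLOWED_NODES, so obj.attr is refused outright;
    calls must target a bare allowlisted name, so getattr(...) is refused too."""

    def __init__(self, local_names: Iterable[str]) -> None:
        self.local_names = set(local_names)
        self.violations: List[str] = []

    def generic_visit(self, node: ast.AST) -> None:
        if not isinstance(node, ALLOWED_NODES):
            self.violations.append(f"disallowed syntax: {type(node).__name__}")
        super().generic_visit(node)

    def visit_Name(self, node: ast.Name) -> None:
        if node.id not in ALLOWED_BUILTINS and node.id not in self.local_names:
            self.violations.append(f"disallowed name: {node.id}")
        self.generic_visit(node)

    def visit_Call(self, node: ast.Call) -> None:
        if not isinstance(node.func, ast.Name):
            self.violations.append("only direct calls to allowlisted names are permitted")
        self.generic_visit(node)


def validate(expr: str, local_names: Iterable[str] = ()) -> List[str]:
    """Return the list of violations; an empty list means the expression is accepted."""
    validator = AllowlistValidator(local_names)
    validator.visit(ast.parse(expr, mode="eval"))
    return validator.violations


def safe_eval_hardened(expr: str, local_vars: Optional[dict] = None):
    """Evaluate only after the allowlist passes, with a builtins table
    containing nothing but the allowlisted functions."""
    local_vars = dict(local_vars or {})
    problems = validate(expr, local_vars)
    if problems:
        raise ValueError("; ".join(problems))
    restricted_builtins = {name: getattr(builtins, name) for name in ALLOWED_BUILTINS}
    code = compile(ast.parse(expr, mode="eval"), "<safe_eval>", "eval")
    return eval(code, {"__builtins__": restricted_builtins}, local_vars)


if __name__ == "__main__":
    # Constructed inputs: the weak check accepts a getattr call, the hardened one does not.
    print(weak_check("getattr(x, 'real')"))            # True
    print(validate("getattr(x, 'real')", ["x"]))        # ['disallowed name: getattr']
    print(safe_eval_hardened("max(a, b) * 2", {"a": 3, "b": 5}))  # 10
```

The design point is that the hardened version never asks "is this name dangerous?"; it asks "is this name and this syntax on the list I deliberately chose?", and it pairs that static check with a runtime builtins table that omits everything not on the list. A name-spelling denylist can be extended forever and still miss the next reachable builtin; an allowlist fails closed by construction.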
Latest version: 0.14.2
Interface between LLMs and your data