PyPi: Llama-Index-Core

CVE-2024-45201

Safety vulnerability ID: 72972

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Aug 22, 2024 Updated at Dec 09, 2024

Scan your Python projects for vulnerabilities →

Advisory

Llama-index-core affected versions contain a vulnerability related to the use of exec() in the download_integration function. This issue allows for the potential execution of arbitrary code if an attacker can manipulate the input parameters. The vulnerability is mitigated by replacing the exec() function with a safer method using importlib.util

Affected package

llama-index-core

Latest version: 0.12.5

Interface between LLMs and your data

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

https://github.com/run-llama/llama_index/pull/13523
https://github.com/advisories/GHSA-fxc2-8m62-m85x
https://github.com/run-llama/llama_index/commit/bd827c30484fa085ec769fa55dc7f2add8006ac8
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45201

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application