Lifeteam2024

**Name of the Vulnerable Software and Affected Versions** LlamaIndex versions up to and including 0.11.6 **Description** LlamaIndex contains an unsafe deserialization issue in the `BGEM3Index.load from disk()` function located in `llama index/indices/managed/bge m3/base.py`. The function utilizes `pickle.load()` to deserialize the `multi embed store.pkl` file from a user-supplied `persist dir` without proper validation. This allows an attacker who can control the contents of the `persist dir` and provide a malicious pickle file to potentially execute arbitrary code when the index is loaded from disk. The vulnerable function is `BGEM3Index.load from disk()`. **Recommendations** Update LlamaIndex to a version newer than 0.11.6.

**Name of the Vulnerable Software and Affected Versions** LlamaIndex versions up to and including 0.12.2 **Description** LlamaIndex versions up to and including 0.12.2 have an issue where resource consumption is not properly controlled in the VannaPack VannaQueryEngine implementation. The `custom query()` logic constructs SQL statements from user input and executes them using `vn.run sql()` without limiting query execution. This allows an attacker, in deployments where untrusted users can provide prompts, to trigger resource-intensive or unbounded SQL operations, potentially leading to a denial-of-service condition by exhausting CPU or memory. The vulnerable code is located in `llama index/packs/vanna/base.py` within the `custom query()` function. **Recommendations** Versions prior to and including 0.12.2 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** LangChain versions up to and including 0.3.1 **Description** LangChain versions up to and including 0.3.1 have a regular expression denial-of-service (ReDoS) issue in the `MRKLOutputParser.parse()` method, located in libs/langchain/langchain/agents/mrkl/output parser.py. The parser uses a regular expression that is susceptible to backtracking, which can be triggered by a crafted payload. An attacker who can control or influence the parsed text, such as through prompt injection, can cause excessive CPU usage, leading to parsing delays and a denial-of-service condition. The vulnerable method is `parse()`. **Recommendations** Update to a version of LangChain greater than 0.3.1.