CVE-2024-3271

Name of the Vulnerable Software and Affected Versions llama index (affected versions not specified)

Description A command injection issue exists in the safe eval function, allowing attackers to bypass security checks and execute arbitrary code. This is done by crafting input that results in the execution of OS commands without containing an underscore, enabling remote code execution (RCE) on the server hosting the application.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.