Name of the Vulnerable Software and Affected Versions:
run-llama/llama_index version v0.12.5
Description:
A vulnerability in the `LangChainLLM` class allows for a Denial of Service (DoS) attack. The `stream_complete` method executes the LLM using a thread and retrieves the result via the `get_response_gen` method of the `StreamingGeneratorCallbackHandler` class. If the thread terminates abnormally before `_llm.predict` is executed, there is no exception handling, leading to an infinite loop in the `get_response_gen` function. This can be triggered by providing an input of an incorrect type, causing the thread to terminate and the process to continue running indefinitely.
Recommendations:
For run-llama/llama_index version v0.12.5, ensure that appropriate exception handling is implemented to manage thread terminations within the `get_response_gen` function to prevent infinite loops.
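
A minimal model of the recommended handling, added here as an illustration and not taken from llama_index: the worker always signals completion and records its exception, and the generator also stops when the worker thread is no longer alive. The names `StreamHandler`, `run_streaming` and `fake_predict`, and the `prompt.strip()` step that fails on non-string input, are hypothetical stand-ins.

```python
import threading
from queue import Queue, Empty

class StreamHandler:
    """Simplified stand-in for a streaming callback handler (hypothetical)."""
    def __init__(self):
        self.tokens = Queue()
        self.done = threading.Event()
        self.error = None

    def get_response_gen(self, worker, poll=0.05):
        # Vulnerable shape: `while not self.done.is_set(): ...` where `done` is
        # set only on normal completion, so a dead producer means spinning forever.
        # Hardened: also stop when the producer thread is no longer alive.
        while True:
            try:
                token = self.tokens.get(timeout=poll)
            except Empty:
                if self.done.is_set() or not worker.is_alive():
                    break
                continue
            yield token
        while not self.tokens.empty():  # drain tokens queued just before exit
            yield self.tokens.get_nowait()
        if self.error is not None:      # surface the worker's failure to the caller
            raise self.error

def run_streaming(predict, prompt):
    handler = StreamHandler()

    def target():
        try:
            text = prompt.strip()       # fails for non-str input, before predict runs
            predict(text, handler)
        except Exception as exc:        # record the failure instead of dying silently
            handler.error = exc
        finally:
            handler.done.set()          # always signal completion

    worker = threading.Thread(target=target, daemon=True)
    worker.start()
    return handler.get_response_gen(worker)

def fake_predict(text, handler):
    """Constructed stand-in for the LLM call: emits one token per word."""
    for word in text.split():
        handler.tokens.put(word)
```

With a string prompt, `list(run_streaming(fake_predict, "..."))` yields the tokens; with a wrong-type prompt the generator terminates and re-raises the worker's exception instead of looping.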