PT-2025-12158 · Unknown · Llama Index
Published: 2025-03-20 · Updated: 2025-07-30
CVE-2024-12911
CVSS v3.1: 7.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
Name of the Vulnerable Software and Affected Versions
llama index versions prior to 0.5.1
llama index versions prior to 0.12.3
Description
A vulnerability exists in the default jsonalyzer function of the JSONalyzeQueryEngine. This allows for SQL injection via prompt injection, potentially leading to arbitrary file creation and Denial-of-Service (DoS) attacks.
Recommendations
Update to llama index version 0.5.1 or later.
Update to llama index version 0.12.3 or later.
Exploit
Fix
DoS
SQL injection
Related Identifiers
Affected Products
Llama Index