PT-2025-34665 · Run Llama · Llama Index
Published: 2025-08-25 · Updated: 2025-08-26
CVE-2025-5302
CVSS v3.1: 8.6 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Name of the Vulnerable Software and Affected Versions:
run-llama/llama index versions prior to 0.12.38
Description:
A denial of service issue exists in the JSONReader component. The issue is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth limit. This results in high resource consumption and potential crashes of the Python process.
Recommendations:
Update to version 0.12.38 or later.
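The failure mode described above can be bounded before any recursive code sees the input. The following is an added example, not LlamaIndex code and not the project's fix: it measures nesting depth iteratively on the raw text, rejects over-nested documents, and walks the parsed result with an explicit stack. The function names, the exception class and the 64-level limit are assumptions made for illustration.

```python
import json

MAX_DEPTH = 64  # assumed limit for this example; tune to the data you expect
# Constructed sample input: 100,000 nested arrays, far past Python's recursion limit.
HOSTILE = "[" * 100_000 + "]" * 100_000


class NestingTooDeep(ValueError):
    """Raised when a JSON document nests deeper than the allowed limit."""


def nesting_depth(text: str, limit: int = MAX_DEPTH) -> int:
    """Return the deepest container level of JSON text in one non-recursive pass."""
    depth = deepest = 0
    in_string = escaped = False
    for ch in text:
        if in_string:  # brackets inside strings are data, not structure
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            deepest = max(deepest, depth)
            if depth > limit:  # stop early so hostile input is rejected cheaply
                raise NestingTooDeep(f"nesting exceeds {limit} levels")
        elif ch in "]}":
            depth -= 1
    return deepest


def flatten_leaves(text: str, limit: int = MAX_DEPTH) -> list:
    """Parse depth-bounded JSON and collect leaf values without recursion."""
    nesting_depth(text, limit)  # reject before json.loads or any walker recurses
    stack, leaves = [json.loads(text)], []
    while stack:
        node = stack.pop()
        if isinstance(node, dict):
            stack.extend(reversed(list(node.values())))
        elif isinstance(node, list):
            stack.extend(reversed(node))
        else:
            leaves.append(node)
    return leaves
```

The depth check runs on the unparsed text because `json.loads` itself recurses on nested containers, so checking only after parsing would be too late.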
Fix
DoS
Uncontrolled Recursion
Affected Products
Llama Index