PT-2026-2317 · Unknown · Llama Index

Lifeteam2024 · Published 2026-01-12 · Updated 2026-01-12 · CVE-2024-14021

CVSS v4.0: 8.4 (High)
Vector: AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: LlamaIndex versions up to and including 0.11.6

Description: LlamaIndex contains an unsafe deserialization issue in the BGEM3Index.load_from_disk() function located in llama_index/indices/managed/bge_m3/base.py. The function uses pickle.load() to deserialize the multi_embed_store.pkl file from a user-supplied persist_dir without validating its contents. An attacker who controls the contents of the persist_dir and places a malicious pickle file there can therefore execute arbitrary code when the index is loaded from disk. The vulnerable function is BGEM3Index.load_from_disk().

Recommendations: Update LlamaIndex to a version newer than 0.11.6.
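As an added example (not LlamaIndex code), the following gate shows the defensive check a loader can apply before calling pickle.load() on a persisted artefact such as multi_embed_store.pkl: it disassembles the stream with pickletools without executing it and refuses any stream that uses opcodes able to import or call objects, which a store of plain dicts, lists and numbers never needs. The store layout and the opcode allow-list policy are assumptions; upgrading past 0.11.6 remains the fix.

```python
import io
import pickle
import pickletools

# Opcodes through which a pickle stream can resolve an importable name or
# call an object. Plain containers and scalars never need them, so their
# presence is treated as a red flag (hypothetical allow-list policy).
CODE_EXEC_OPCODES = {
    "GLOBAL", "STACK_GLOBAL", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX",
    "REDUCE", "BUILD", "EXT1", "EXT2", "EXT4",
}


def pickle_opcodes_used(data: bytes) -> set:
    """Disassemble the stream without executing it and collect opcode names."""
    return {op.name for op, _arg, _pos in pickletools.genops(io.BytesIO(data))}


def is_plain_data_pickle(data: bytes) -> bool:
    """True only if the stream rebuilds built-in containers and scalars."""
    try:
        used = pickle_opcodes_used(data)
    except Exception:  # truncated or malformed stream: refuse rather than guess
        return False
    return not (used & CODE_EXEC_OPCODES)


def load_store_safely(data: bytes):
    """Unpickle only after the opcode scan shows nothing can be imported or called."""
    if not is_plain_data_pickle(data):
        raise ValueError("refusing to unpickle: stream can import or call objects")
    return pickle.loads(data)


# Constructed samples (the real multi_embed_store.pkl layout is not on the page):
# a dict of document ids to embedding vectors, and a stream that merely
# references an importable object (builtins.len, harmless here) to show
# the kind of stream the scan rejects.
BENIGN_STORE = pickle.dumps({"doc-1": [0.1, 0.2, 0.3], "doc-2": [0.4, 0.5, 0.6]})
IMPORTING_STREAM = pickle.dumps(len)

if __name__ == "__main__":
    print("benign store accepted:", is_plain_data_pickle(BENIGN_STORE))
    print("importing stream accepted:", is_plain_data_pickle(IMPORTING_STREAM))
```

The scan is a stop-gap for artefacts that must stay in pickle format; a persisted store written as JSON or NumPy arrays avoids the problem entirely.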

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

CVE-2024-14021
PYSEC-2026-85

Affected Products

Llama Index