GHSA-2xxc-73fv-36f7
Suggest an improvement- Source
- https://github.com/advisories/GHSA-2xxc-73fv-36f7
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-2xxc-73fv-36f7/GHSA-2xxc-73fv-36f7.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-2xxc-73fv-36f7
- Aliases
- Published
- 2023-08-15T18:31:32Z
- Modified
- 2024-09-30T16:44:07.061189Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 9.3 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- llama-index vulnerable to arbitrary code execution
- Details
-
An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the
execparameter in PandasQueryEngine function. - Database specific
{ "github_reviewed": true, "severity": "CRITICAL", "cwe_ids": [ "CWE-74", "CWE-94" ], "nvd_published_at": "2023-08-15T17:15:13Z", "github_reviewed_at": "2023-08-15T21:23:47Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-39662
- https://github.com/jerryjliu/llama_index/issues/7054
- https://github.com/run-llama/llama_index/commit/9f3e50a803f519af9ab62e63d413441c43001d81
- https://github.com/run-llama/llama_index/commit/aa6726706476e0f957a8d57a5ca89e519e93bad7
- https://github.com/jerryjliu/llama_index
- https://github.com/pypa/advisory-database/tree/main/vulns/llama-index/PYSEC-2023-148.yaml
Affected packages
PyPI / llama-index
Package
- Name
- llama-index
- View open source insights on deps.dev
- Purl
- pkg:pypi/llama-index
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed0.9.14
Affected versions
0.*
0.4.4
0.4.4.post1
0.4.4.post2
0.4.5
0.4.6
0.4.7
0.4.8
0.4.9
0.4.10
0.4.11
0.4.12
0.4.13
0.4.14
0.4.15
0.4.16
0.4.17
0.4.18
0.4.19
0.4.20
0.4.21
0.4.22
0.4.22.post1
0.4.23
0.4.24
0.4.25
0.4.26
0.4.27
0.4.28
0.4.29
0.4.30
0.4.31
0.4.32
0.4.33
0.4.34
0.4.35
0.4.35.post1
0.4.36
0.4.37
0.4.38
0.4.39
0.4.40
0.5.0
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.5.6
0.5.7
0.5.8
0.5.9
0.5.10
0.5.11
0.5.12
0.5.13
0.5.13.post1
0.5.15
0.5.16
0.5.17
0.5.17.post1
0.5.18
0.5.19
0.5.20
0.5.21
0.5.22
0.5.23
0.5.23.post1
0.5.25
0.5.26
0.5.27
0.6.0a1
0.6.0a2
0.6.0a3
0.6.0a4
0.6.0a5
0.6.0a6
0.6.0a7
0.6.0
0.6.1
0.6.2
0.6.4
0.6.5
0.6.6
0.6.7
0.6.8
0.6.9
0.6.10
0.6.10.post1
0.6.11
0.6.12
0.6.13
0.6.14
0.6.15
0.6.16
0.6.16.post1
0.6.17
0.6.18
0.6.19
0.6.20
0.6.21.post1
0.6.22
0.6.23
0.6.24
0.6.25
0.6.25.post1
0.6.26
0.6.27
0.6.28
0.6.29
0.6.30
0.6.31
0.6.32
0.6.33
0.6.34
0.6.34.post1
0.6.35
0.6.36
0.6.37
0.6.38
0.6.38.post1
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.7
0.7.8
0.7.9
0.7.10
0.7.10.post1
0.7.11
0.7.11.post1
0.7.12
0.7.13
0.7.14
0.7.15
0.7.16
0.7.17
0.7.18
0.7.19
0.7.20
0.7.21
0.7.22
0.7.23
0.7.24.post1
0.8.0
0.8.1
0.8.1.post1
0.8.2
0.8.2.post1
0.8.3
0.8.4
0.8.5
0.8.5.post1
0.8.5.post2
0.8.6
0.8.7
0.8.8
0.8.9
0.8.10
0.8.10.post1
0.8.11
0.8.11.post1
0.8.11.post2
0.8.11.post3
0.8.12
0.8.13
0.8.14
0.8.15
0.8.16
0.8.17
0.8.18
0.8.19
0.8.20
0.8.21
0.8.22
0.8.23
0.8.23.post1
0.8.24
0.8.24.post1
0.8.25
0.8.26
0.8.26.post1
0.8.27
0.8.28a1
0.8.28
0.8.29
0.8.29.post1
0.8.30
0.8.31
0.8.32
0.8.33
0.8.34
0.8.35
0.8.36
0.8.37
0.8.38
0.8.39
0.8.39.post2
0.8.40
0.8.41
0.8.42
0.8.43
0.8.43.post1
0.8.44
0.8.45
0.8.45.post1
0.8.46
0.8.47
0.8.48
0.8.49
0.8.50
0.8.51
0.8.51.post1
0.8.52
0.8.53
0.8.53.post3
0.8.54
0.8.55
0.8.56
0.8.57
0.8.58
0.8.59
0.8.61
0.8.62
0.8.63.post1
0.8.63.post2
0.8.64
0.8.64.post1
0.8.65
0.8.66
0.8.67
0.8.68
0.8.69
0.8.69.post1
0.8.69.post2
0.9.0a1
0.9.0a2
0.9.0a3
0.9.0
0.9.0.post1
0.9.1
0.9.2
0.9.3
0.9.3.post1
0.9.4
0.9.5
0.9.6
0.9.6.post1
0.9.6.post2
0.9.7
0.9.8
0.9.8.post1
0.9.9
0.9.10a1
0.9.10a2
0.9.10
0.9.11
0.9.11.post1
0.9.12a1
0.9.12a2
0.9.12a3
0.9.12a4
0.9.12a5
0.9.12a6
0.9.12
0.9.13