CRITICAL🇵🇱 Wersja polska

CVE-2024-12909

CVSS 9.8v3.1pub. 2025-03-20upd. 2025-07-30

A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for SQL injection in the `run_sql_query` function of the `database_agent`. This vulnerability can be exploited by an attacker to inject arbitrary SQL queries, leading to remote code execution (RCE) through the use of PostgreSQL's large object functionality. The issue is fixed in version 0.3.0.

🤖 AI Analysis
How it works

The `run_sql_query` function in the `database_agent` module of the FinanceChatLlamaPack component does not validate or parameterize user-supplied input data, allowing arbitrary code to be embedded in the SQL query. An attacker can exploit the large object functionality available in PostgreSQL to write and execute malicious code on the server side, thereby gaining full control over the process. The attack requires no authentication or any user interaction (network vector, no required privileges).

Impact

An attacker can gain full control over the database and — through the RCE mechanism — execute arbitrary code on the server, threatening the confidentiality, integrity, and availability of the entire system.

Mitigation & patch

The llama_index library should be updated to version 0.3.0 or newer, in which the bug has been fixed. Patch available in the project's GitHub repository (commit 5d03c175476452db9b8abcdb7d5767dd7b310a75). As a temporary measure, it is recommended to restrict access to the FinanceChatLlamaPack component and disable the ability to pass untrusted input data to the `run_sql_query` function.

Who is affected

Library run-llama/llama_index, FinanceChatLlamaPack component, versions up to and including v0.12.3.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Llamaindex

    APP
    Llamaindex
    < 0.3.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCESQLi
CWE
References

Related vulnerabilities

CVE-2025-1793CRITICAL9.8PL ✓ten sam produkt

SQL injection w LlamaIndex — nieautoryzowany dostęp do danych przez integracje vector store

CVE-2025-1750CRITICAL9.8PL ✓ten sam produkt

SQL Injection w DuckDBVectorStore umożliwiający RCE (LlamaIndex)

CVE-2024-11958CRITICAL9.8PL ✓ten sam produkt

SQL Injection umożliwiający RCE w komponencie duckdb_retriever biblioteki LlamaIndex

CVE-2024-3271CRITICAL9.8PL ✓ten sam produkt

Command injection w LlamaIndex — obejście safe_eval umożliwia RCE

CVE-2024-23751CRITICAL9.8PL ✓ten sam produkt

SQL injection w LlamaIndex przez funkcję Text-to-SQL