A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for SQL injection in the `run_sql_query` function of the `database_agent`. This vulnerability can be exploited by an attacker to inject arbitrary SQL queries, leading to remote code execution (RCE) through the use of PostgreSQL's large object functionality. The issue is fixed in version 0.3.0.
The `run_sql_query` function in the `database_agent` module of the FinanceChatLlamaPack component does not validate or parameterize user-supplied input data, allowing arbitrary code to be embedded in the SQL query. An attacker can exploit the large object functionality available in PostgreSQL to write and execute malicious code on the server side, thereby gaining full control over the process. The attack requires no authentication or any user interaction (network vector, no required privileges).
An attacker can gain full control over the database and — through the RCE mechanism — execute arbitrary code on the server, threatening the confidentiality, integrity, and availability of the entire system.
The llama_index library should be updated to version 0.3.0 or newer, in which the bug has been fixed. Patch available in the project's GitHub repository (commit 5d03c175476452db9b8abcdb7d5767dd7b310a75). As a temporary measure, it is recommended to restrict access to the FinanceChatLlamaPack component and disable the ability to pass untrusted input data to the `run_sql_query` function.
Library run-llama/llama_index, FinanceChatLlamaPack component, versions up to and including v0.12.3.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLlamaindex
APPLlamaindex< 0.3.0
Related vulnerabilities
SQL injection w LlamaIndex — nieautoryzowany dostęp do danych przez integracje vector store
SQL Injection w DuckDBVectorStore umożliwiający RCE (LlamaIndex)
SQL Injection umożliwiający RCE w komponencie duckdb_retriever biblioteki LlamaIndex
Command injection w LlamaIndex — obejście safe_eval umożliwia RCE
SQL injection w LlamaIndex przez funkcję Text-to-SQL