A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code. This is achieved by crafting input that does not contain an underscore but still results in the execution of OS commands. The vulnerability allows for remote code execution (RCE) on the server hosting the application.
The safe_eval function implements a security mechanism that checks whether code generated by the LLM model contains underscores. An attacker can craft input data that does not contain underscores but still leads to operating system command execution — effectively bypassing this control. The vulnerability is accessible remotely, without requiring authentication or user interaction (vector AV:N, PR:N, UI:N).
An attacker gains the ability to execute arbitrary code remotely (RCE) on the server, which may lead to complete system compromise, data theft, and violation of service integrity and availability.
Update the LlamaIndex library to a version containing commit 5fbcb5a8b9f20f81b791c7fc8849e352613ab475 or later. Details are available in vendor references and on the huntr.com platform.
The run-llama/llama_index library — versions indicated in vendor references (fix commit: 5fbcb5a8b9f20f81b791c7fc8849e352613ab475)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLlamaindex
APPLlamaindex0.10.6 – 0.10.26 (bez)
Related vulnerabilities
SQL injection w LlamaIndex — nieautoryzowany dostęp do danych przez integracje vector store
SQL Injection w DuckDBVectorStore umożliwiający RCE (LlamaIndex)
SQL Injection i RCE w FinanceChatLlamaPack biblioteki LlamaIndex
SQL Injection umożliwiający RCE w komponencie duckdb_retriever biblioteki LlamaIndex
SQL injection w LlamaIndex przez funkcję Text-to-SQL