Описание
Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index library in a web application.
Ссылки
- Patch
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 0.12.21 (включая) до 0.12.28 (исключая)
cpe:2.3:a:llamaindex:llamaindex:*:*:*:*:*:*:*:*
EPSS
Процентиль: 1%
0.00011
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 9.1
redhat
7 месяцев назад
Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the llama-index library in a web application.
EPSS
Процентиль: 1%
0.00011
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-89