exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2025-6209

около 1 месяца назад

A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the `encode_image` function in `generic_utils.py`. This vulnerability allows an attacker to manipulate the `image_path` input to read arbitrary files on the server, including sensitive system files. The issue arises due to improper validation or sanitization of the file path, enabling path traversal sequences to access files outside the intended directory. The vulnerability is fixed in version 0.12.41.

CVSS3: 5.3

EPSS: Низкий

CVE-2025-6209

около 1 месяца назад

A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the `encode_image` function in `generic_utils.py`. This vulnerability allows an attacker to manipulate the `image_path` input to read arbitrary files on the server, including sensitive system files. The issue arises due to improper validation or sanitization of the file path, enabling path traversal sequences to access files outside the intended directory. The vulnerability is fixed in version 0.12.41.

CVSS3: 7.5

EPSS: Низкий

GHSA-2rhq-96q8-4vjq

около 1 месяца назад

LlamaIndex vulnerable to Path Traversal attack through its encode_image function

CVSS3: 7.5

EPSS: Низкий

BDU:2025-09021

около 1 месяца назад

Уязвимость функции encode_image фреймворка для работы с большими языковыми моделями (LLM) LlamaIndex, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю раскрыть защищаемую информацию

CVSS3: 7.5

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2025-6209 A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the `encode_image` function in `generic_utils.py`. This vulnerability allows an attacker to manipulate the `image_path` input to read arbitrary files on the server, including sensitive system files. The issue arises due to improper validation or sanitization of the file path, enabling path traversal sequences to access files outside the intended directory. The vulnerability is fixed in version 0.12.41.	CVSS3: 5.3	0% Низкий	около 1 месяца назад
CVE-2025-6209 A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the `encode_image` function in `generic_utils.py`. This vulnerability allows an attacker to manipulate the `image_path` input to read arbitrary files on the server, including sensitive system files. The issue arises due to improper validation or sanitization of the file path, enabling path traversal sequences to access files outside the intended directory. The vulnerability is fixed in version 0.12.41.	CVSS3: 7.5	0% Низкий	около 1 месяца назад
GHSA-2rhq-96q8-4vjq LlamaIndex vulnerable to Path Traversal attack through its encode_image function	CVSS3: 7.5	0% Низкий	около 1 месяца назад
BDU:2025-09021 Уязвимость функции encode_image фреймворка для работы с большими языковыми моделями (LLM) LlamaIndex, связанная с неверным ограничением имени пути к каталогу с ограниченным доступом, позволяющая нарушителю раскрыть защищаемую информацию	CVSS3: 7.5	0% Низкий	около 1 месяца назад

Уязвимостей на страницу