Количество 2
Количество 2
CVE-2024-23751
LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this year's student records via "Drop the Students table" within English language input.
GHSA-2jxw-4hm4-6w87
SQL injection in llama-index
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-23751 LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this year's student records via "Drop the Students table" within English language input. | CVSS3: 9.8 | 0% Низкий | около 2 лет назад |
| GHSA-2jxw-4hm4-6w87 SQL injection in llama-index | CVSS3: 9.8 | 0% Низкий | около 2 лет назад |
Уязвимостей на страницу