Count: 3
CVE-2025-1750
An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama/llama_index version v0.12.19. This vulnerability allows an attacker to manipulate the ref_doc_id parameter, enabling them to read and write arbitrary files on the server, potentially leading to remote code execution (RCE).
GHSA-6mcc-q3mg-3qg6
An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama/llama_index version v0.12.19. This vulnerability allows an attacker to manipulate the ref_doc_id parameter, enabling them to read and write arbitrary files on the server, potentially leading to remote code execution (RCE).
BDU:2025-06393
Vulnerability in the DuckDBVectorStore class of LlamaIndex, a framework for working with large language models (LLMs), that allows an attacker to execute arbitrary code
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2025-1750: An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama/llama_index version v0.12.19. This vulnerability allows an attacker to manipulate the ref_doc_id parameter, enabling them to read and write arbitrary files on the server, potentially leading to remote code execution (RCE). | CVSS3: 9.8 | 1% Low | 8 months ago |
| GHSA-6mcc-q3mg-3qg6: An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama/llama_index version v0.12.19. This vulnerability allows an attacker to manipulate the ref_doc_id parameter, enabling them to read and write arbitrary files on the server, potentially leading to remote code execution (RCE). | CVSS3: 9.8 | 1% Low | 8 months ago |
| BDU:2025-06393: Vulnerability in the DuckDBVectorStore class of LlamaIndex, a framework for working with large language models (LLMs), that allows an attacker to execute arbitrary code | CVSS3: 9.8 | 1% Low | 12 months ago |