llama-index@0.10.24 vulnerabilities

Interface between LLMs and your data

latest version

0.10.37
first published

a year ago
latest version published

2 days ago
licenses detected
- MIT
  [0,)
View llama-index package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the llama-index package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H SQL Injection llama-index is an Interface between LLMs and your data Affected versions of this package are vulnerable to SQL Injection via the Text-to-SQL feature in `NLSQLTableQueryEngine`, `SQLTableRetrieverQueryEngine`, `NLSQLRetriever`, `RetrieverQueryEngine` and `PGVectorSQLQueryEngine`. An attacker can manipulate or corrupt database contents by injecting SQL commands into the English language input. How to fix SQL Injection? There is no fixed version for `llama-index`.	[0,)

SQL Injection

llama-index is an Interface between LLMs and your data

Affected versions of this package are vulnerable to SQL Injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine and PGVectorSQLQueryEngine. An attacker can manipulate or corrupt database contents by injecting SQL commands into the English language input.

How to fix SQL Injection?

There is no fixed version for llama-index.

[0,)

Go back to all versions of this package

llama-index@0.10.24 vulnerabilities

Interface between LLMs and your data

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities