Homepage
About Snyk

llama-index-core@0.10.19 vulnerabilities

Interface between LLMs and your data

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the llama-index-core package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • C
Improper Control of Generation of Code ('Code Injection')

llama-index-core is an Interface between LLMs and your data

Affected versions of this package are vulnerable to Improper Control of Generation of Code ('Code Injection') due to insufficient validation of input in the exec_utils class, specifically within the safe_eval function. An attacker can bypass method restrictions and execute unauthorized code by exploiting the flaw. This vulnerability is a bypass of the CVE-2023-39662 fix.

How to fix Improper Control of Generation of Code ('Code Injection')?

Upgrade llama-index-core to version 0.10.24 or higher.

[,0.10.24)
Go back to all versions of this package