llama-index-readers-papers@0.3.0 vulnerabilities

llama-index readers papers integration

  • latest version

    0.3.2

  • latest non vulnerable version

  • first published

    1 year ago

  • latest version published

    3 months ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the llama-index-readers-papers package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • M
    Expected Behavior Violation

    llama-index-readers-papers is a llama-index readers papers integration

    Affected versions of this package are vulnerable to Expected Behavior Violation via the ArxivReader process. An attacker can cause data loss by uploading papers with identical titles but different contents, resulting in one paper overwriting another due to MD5 hash collisions during filename generation.

    How to fix Expected Behavior Violation?

    Upgrade llama-index-readers-papers to version 0.3.2 or higher.

    [,0.3.2)
    • H
    Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

    llama-index-readers-papers is a llama-index readers papers integration

    Affected versions of this package are vulnerable to Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') via the parse_sitemap() function. An attacker can exhaust system memory and potentially cause a system crash by supplying a specially crafted XML file containing excessive entity expansions.

    How to fix Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')?

    Upgrade llama-index-readers-papers to version 0.3.2 or higher.

    [,0.3.2)