llama-index-readers-web 0.1.9 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the llama-index-readers-web package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') llama-index-readers-web is a llama-index readers web integration Affected versions of this package are vulnerable to Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') via the `parse_sitemap ()` function. An attacker can exhaust system memory and potentially cause a system crash by supplying a specially crafted XML file containing excessive entity expansions. How to fix Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')? Upgrade `llama-index-readers-web` to version 0.3.9 or higher.	[,0.3.9)
H Uncontrolled Recursion llama-index-readers-web is a llama-index readers web integration Affected versions of this package are vulnerable to Uncontrolled Recursion due to improper handling of the `max_depth` parameter in the `get_article_urls` function. An attacker can exhaust system resources and crash the application through repeated function calls, ultimately exceeding Python's recursion limit. How to fix Uncontrolled Recursion? Upgrade `llama-index-readers-web` to version 0.3.6 or higher.	[,0.3.6)
M Uncontrolled Recursion llama-index-readers-web is a llama-index readers web integration Affected versions of this package are vulnerable to Uncontrolled Recursion via the `KnowledgeBaseWebReader` class's `get_article_urls()` function. An attacker can trigger a crash by supplying a URL to an object containing an `href` reference to the root directory, causing infinite recursive traversal. E.g. `<a class="article-link" href="/">` How to fix Uncontrolled Recursion? Upgrade `llama-index-readers-web` to version 0.3.3 or higher.	[,0.3.3)

Vulnerability

Vulnerable Version

Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

llama-index-readers-web is a llama-index readers web integration

Affected versions of this package are vulnerable to Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') via the parse_sitemap () function. An attacker can exhaust system memory and potentially cause a system crash by supplying a specially crafted XML file containing excessive entity expansions.

How to fix Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')?

Upgrade llama-index-readers-web to version 0.3.9 or higher.

[,0.3.9)

Uncontrolled Recursion

llama-index-readers-web is a llama-index readers web integration

Affected versions of this package are vulnerable to Uncontrolled Recursion due to improper handling of the max_depth parameter in the get_article_urls function. An attacker can exhaust system resources and crash the application through repeated function calls, ultimately exceeding Python's recursion limit.

How to fix Uncontrolled Recursion?

Upgrade llama-index-readers-web to version 0.3.6 or higher.

[,0.3.6)

Uncontrolled Recursion

llama-index-readers-web is a llama-index readers web integration

Affected versions of this package are vulnerable to Uncontrolled Recursion via the KnowledgeBaseWebReader class's get_article_urls() function. An attacker can trigger a crash by supplying a URL to an object containing an href reference to the root directory, causing infinite recursive traversal. E.g. <a class="article-link" href="/">

How to fix Uncontrolled Recursion?

Upgrade llama-index-readers-web to version 0.3.3 or higher.

[,0.3.3)

llama-index-readers-web@0.1.9 vulnerabilities

llama-index readers web integration

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically