Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
Upgrade llama-index-readers-web to version 0.3.3 or higher.
llama-index-readers-web is a llama-index readers web integration.
Affected versions of this package are vulnerable to Uncontrolled Recursion via the KnowledgeBaseWebReader class's get_article_urls() function. An attacker can trigger a crash by supplying a URL to an object containing an href reference to the root directory, causing infinite recursive traversal. For example: <a class="article-link" href="/">
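One way a link-following reader can bound this kind of traversal, shown as an added example (it is not llama-index code and not the 0.3.3 patch). The names `collect_article_urls`, `ArticleLinks` and `fetch_constructed`, the depth and page budgets, and the in-memory sample site are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urldefrag, urljoin

ROOT = "https://kb.example.test/"  # constructed host, not a real site
PAGES = {  # constructed sample: the article page links back to the root
    ROOT: '<a class="article-link" href="/guide">Guide</a>',
    ROOT + "guide": '<a class="article-link" href="/">Home</a>'
                    '<a class="article-link" href="/guide#top">Top</a>',
}


def fetch_constructed(url):
    """Stand-in for an HTTP fetch; unknown URLs return an empty page."""
    return PAGES.get(url, "")


class ArticleLinks(HTMLParser):
    """Collect href values of <a class="article-link"> elements."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        classes = (a.get("class") or "").split()
        if tag == "a" and "article-link" in classes and a.get("href"):
            self.hrefs.append(a["href"])


def collect_article_urls(root, fetch, max_depth=10, max_pages=1000):
    """Iterative crawl bounded by a visited set and depth/page budgets."""
    seen, queue, fetched = {root}, [(root, 0)], 0
    while queue and fetched < max_pages:
        url, depth = queue.pop(0)
        parser = ArticleLinks()
        parser.feed(fetch(url))
        fetched += 1
        if depth >= max_depth:
            continue  # page is read, but its links are not followed
        for href in parser.hrefs:
            # Normalise so "/", "/#x" and the absolute root compare equal.
            target = urldefrag(urljoin(url, href)).url
            if target.startswith(root) and target not in seen:
                seen.add(target)
                queue.append((target, depth + 1))
    return sorted(seen), fetched
```

The visited set stops a link back to the root from being followed again, and the two budgets cap the work even when every page yields a URL that has not been seen before.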