Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Prompt Injection leading to Arbitrary Code Execution in run-llama/llama_index
Vulnerability Description
A vulnerability was identified in the `exec_utils` class of the `llama_index` package, specifically within the `safe_eval` function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method restrictions and execute unauthorized code. The vulnerability is a bypass of the previously addressed CVE-2023-39662, demonstrated through a proof of concept that creates a file on the system by exploiting the flaw.
CVSS Information
N/A
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
LlamaIndex 代码注入漏洞
Vulnerability Description
LlamaIndex是Jerry Liu个人开发者的一个 LLM 应用程序的数据框架。 LlamaIndex存在代码注入漏洞,该漏洞源于 exec_utils 中的 safe_eval 函数输入验证不足,允许通过提示注入,导致任意代码执行。
CVSS Information
N/A
Vulnerability Type
N/A