Vulnerability Information
Vulnerability Title
XML Entity Expansion vulnerability in run-llama/llama_index
Vulnerability Description
An XML Entity Expansion vulnerability, also known as a 'billion laughs' attack, exists in the sitemap parser of the run-llama/llama_index repository, specifically affecting version v0.12.21. This vulnerability allows an attacker to supply a malicious Sitemap XML, leading to a Denial of Service (DoS) by exhausting system memory and potentially causing a system crash. The issue is resolved in version v0.12.29.
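A defensive sitemap parser for the issue described above, as an added example: it is not llama_index code and not the fix shipped in v0.12.29. The function name, exception class and limits are hypothetical, and the sample documents are constructed.

```python
import xml.parsers.expat

SITEMAP_NS = "http://www.sitemaps.org/schemas/sitemap/0.9"

class UnsafeSitemapError(ValueError):
    """Sitemap declares a DTD/entities or exceeds a size limit."""

def parse_sitemap_urls(xml_bytes, max_bytes=5_000_000, max_urls=50_000):
    """Return <loc> URLs; the function name and limits are hypothetical."""
    if len(xml_bytes) > max_bytes:
        raise UnsafeSitemapError("sitemap exceeds max_bytes")
    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")
    loc_tag = SITEMAP_NS + " loc"
    urls, buf = [], None

    def forbid(*_args):
        # Sitemaps never need a DTD, so refuse before any entity is defined.
        raise UnsafeSitemapError("DOCTYPE/entity declarations are not allowed")

    def start(name, _attrs):
        nonlocal buf
        if name == loc_tag:
            buf = []

    def chars(data):
        if buf is not None:
            buf.append(data)

    def end(name):
        nonlocal buf
        if name == loc_tag and buf is not None:
            urls.append("".join(buf).strip())
            buf = None
            if len(urls) > max_urls:
                raise UnsafeSitemapError("sitemap exceeds max_urls")

    parser.StartDoctypeDeclHandler = forbid
    parser.EntityDeclHandler = forbid
    parser.StartElementHandler = start
    parser.CharacterDataHandler = chars
    parser.EndElementHandler = end
    parser.Parse(xml_bytes, True)
    return urls

# Constructed samples: a plain sitemap and one that declares an entity.
GOOD = (b'<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">'
        b"<url><loc>https://example.com/a</loc></url></urlset>")
WITH_DTD = b'<!DOCTYPE urlset [<!ENTITY e "x">]>' + GOOD
```

Rejecting the DOCTYPE outright means no entity is ever defined, so nothing can be expanded; the byte and URL caps bound memory for oversized but otherwise well-formed sitemaps.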
CVSS Information
N/A
Vulnerability Type
Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion)
Vulnerability Title
LlamaIndex Security Vulnerability
Vulnerability Description
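LlamaIndex is an open-source data framework for LLM applications from LlamaIndex. LlamaIndex version 0.12.21 contains a security vulnerability that stems from an XML entity expansion flaw in the sitemap parser and may lead to a denial-of-service attack.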
CVSS Information
N/A
Vulnerability Type
N/A