Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
MD5 Hash Collision in run-llama/llama_index
Vulnerability Description
A vulnerability in the DocugamiReader class of the run-llama/llama_index repository, up to version 0.12.28, involves the use of MD5 hashing to generate IDs for document chunks. This approach leads to hash collisions when structurally distinct chunks contain identical text, resulting in one chunk overwriting another. This can cause loss of semantically or legally important document content, breakage of parent-child chunk hierarchies, and inaccurate or hallucinated responses in AI outputs. The issue is resolved in version 0.3.1.
CVSS Information
N/A
Vulnerability Type
预期行为违背
Vulnerability Title
LlamaIndex 安全漏洞
Vulnerability Description
LlamaIndex是LlamaIndex开源的一个 LLM 应用程序的数据框架。 LlamaIndex 0.12.28及之前版本存在安全漏洞,该漏洞源于使用MD5哈希生成文档块ID,可能导致哈希冲突。
CVSS Information
N/A
Vulnerability Type
N/A