Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
World-Writable NLTK Cache Directory Vulnerability in run-llama/llama_index
Vulnerability Description
The llama_index library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or corrupt NLTK data files, leading to potential denial of service, data tampering, or privilege escalation. The vulnerability arises from the use of a shared cache directory instead of a user-specific one, making it susceptible to local data tampering and denial of service.
CVSS Information
N/A
Vulnerability Type
不安全的临时文件
Vulnerability Title
LlamaIndex 安全漏洞
Vulnerability Description
LlamaIndex是LlamaIndex开源的一个 LLM 应用程序的数据框架。 LlamaIndex 0.12.33版本存在安全漏洞,该漏洞源于默认将NLTK数据目录设置为代码库子目录且全局可写,可能导致拒绝服务、数据篡改或权限提升。
CVSS Information
N/A
Vulnerability Type
N/A