CVE-2025-1750
SQL Injection in run-llama/llama_index
An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama/llama_index version v0.12.19. This vulnerability allows an attacker to manipulate the ref_doc_id parameter, enabling them to read and write arbitrary files on the server, potentially leading to remote code execution (RCE).
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
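The class of bug described above and its fix, as an added example that is not llama_index's own code. It assumes the `ref_doc_id` value is spliced into the statement text; Python's built-in `sqlite3` stands in for DuckDB, and the table, function names and input value are constructed for illustration.

```python
import sqlite3

# Constructed input: a ref_doc_id containing a quote, used to compare the two paths.
CONSTRUCTED_INPUT = "x' OR '1'='1"


def make_store():
    """Constructed stand-in for a vector store table keyed by ref_doc_id."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE documents (node_id TEXT, ref_doc_id TEXT, text TEXT)"
    )
    conn.executemany(
        "INSERT INTO documents VALUES (?, ?, ?)",
        [("n1", "doc-a", "alpha"), ("n2", "doc-a", "beta"), ("n3", "doc-b", "gamma")],
    )
    return conn


def delete_unsafe(conn, ref_doc_id):
    # Vulnerable pattern: the caller's value becomes part of the SQL text,
    # so a quote inside it changes the structure of the WHERE clause.
    sql = f"DELETE FROM documents WHERE ref_doc_id = '{ref_doc_id}'"
    return conn.execute(sql).rowcount


def delete_safe(conn, ref_doc_id):
    # Hardened pattern: the statement text is constant and the value is bound
    # as a parameter, so the driver always treats it as a literal string.
    if not isinstance(ref_doc_id, str):
        raise TypeError("ref_doc_id must be a string")
    cur = conn.execute("DELETE FROM documents WHERE ref_doc_id = ?", (ref_doc_id,))
    return cur.rowcount


def remaining(conn):
    return conn.execute("SELECT COUNT(*) FROM documents").fetchone()[0]


if __name__ == "__main__":
    for fn in (delete_unsafe, delete_safe):
        store = make_store()
        fn(store, CONSTRUCTED_INPUT)
        print(fn.__name__, "rows left:", remaining(store))
```

With the bound parameter, the quoted value matches no `ref_doc_id` and every row survives; the interpolated version rewrites the predicate and empties the table.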
Affected products
run-llama · run-llama/llama_index