CVE-2024-4181
published 2024-05-16CVE-2024-4181: A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect…
PriorityP356high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EPSS
2.12%
79.5th percentile
A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper use of the eval function, allowing a malicious or compromised LLM hosting provider to execute arbitrary commands on the client's machine. This issue was fixed in version 0.10.13. The exploitation of this vulnerability could lead to a hosting provider gaining full control over client machines.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| llamaindex | llamaindex | >= 0.9.47 < 0.10.13 | 0.10.13 |
| run-llama | run-llama_llama_index | >= unspecified < 0.10.13 | 0.10.13 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
RunGptLLM class in LlamaIndex has a command injection
osv·2024-05-16
CVE-2024-4181 [HIGH] RunGptLLM class in LlamaIndex has a command injection
RunGptLLM class in LlamaIndex has a command injection
A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper use of the eval function, allowing a malicious or compromised LLM hosting provider to execute arbitrary commands on the client's machine. This issue was fixed in version 0.10.13. The exploitation of this vulnerability could lead to a hosting provider gaining full control over client machines.
GHSA
RunGptLLM class in LlamaIndex has a command injection
ghsa·2024-05-16
CVE-2024-4181 [HIGH] CWE-94 RunGptLLM class in LlamaIndex has a command injection
RunGptLLM class in LlamaIndex has a command injection
A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper use of the eval function, allowing a malicious or compromised LLM hosting provider to execute arbitrary commands on the client's machine. This issue was fixed in version 0.10.13. The exploitation of this vulnerability could lead to a hosting provider gaining full control over client machines.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
CWE
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
mitre_cwe
CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").
Modes of Introduction:
Phase: Implementation
Note: REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Phase: Implementation
Note: This weakness is prevalent in handler/dispatch procedures that might want to invoke a large number of functions, or set a large number of variables.
Common Consequences:
Scope: Confidentiality. Impact: Read Files or Directories, Read Application Data. The injected code could access restricted data / files.
Scope: Access Control. Impact:
CWE
Improper Control of Generation of Code ('Code Injection')
mitre_cwe
CWE-94 Improper Control of Generation of Code ('Code Injection')
CWE-94: Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Modes of Introduction:
Phase: Implementation
Note: REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Common Consequences:
Scope: Access Control. Impact: Bypass Protection Mechanism. In some cases, injectable code controls authentication; this may lead to a remote vulnerability.
Scope: Access Control. Impact: Gain Privileges or Assume Identity. Injected code can access resources that the attacker is directly prevented from ac
https://github.com/run-llama/llama_index/commit/d73715eaf0642705583e7897c78b9c8dd2d3a7bahttps://huntr.com/bounties/1a204520-598a-434e-b13d-0d34f2a5ddc1https://github.com/run-llama/llama_index/commit/d73715eaf0642705583e7897c78b9c8dd2d3a7bahttps://huntr.com/bounties/1a204520-598a-434e-b13d-0d34f2a5ddc1
2024-05-16
Published