CVE-2024-45201 – llama-index

Package

Manager: pip
Name: llama-index
Vulnerable Version: =0.10.0 || =0.10.1 || =0.10.10 || =0.10.11 || =0.10.12 || =0.10.13 || =0.10.13.post1 || =0.10.14 || =0.10.15 || =0.10.16 || =0.10.17 || =0.10.18 || =0.10.19 || =0.10.20 || =0.10.22 || =0.10.23 || =0.10.24 || =0.10.25 || =0.10.26 || =0.10.27 || =0.10.28 || =0.10.29 || =0.10.3 || =0.10.30 || =0.10.31 || =0.10.32 || =0.10.33 || =0.10.34 || =0.10.35 || =0.10.36 || =0.10.37 || =0.10.4 || =0.10.5 || =0.10.5a1 || =0.10.6 || =0.10.7 || =0.10.8 || =0.10.9 || =0.4.10 || =0.4.11 || =0.4.12 || =0.4.13 || =0.4.14 || =0.4.15 || =0.4.16 || =0.4.17 || =0.4.18 || =0.4.19 || =0.4.20 || =0.4.21 || =0.4.22 || =0.4.22.post1 || =0.4.23 || =0.4.24 || =0.4.25 || =0.4.26 || =0.4.27 || =0.4.28 || =0.4.29 || =0.4.30 || =0.4.31 || =0.4.32 || =0.4.33 || =0.4.34 || =0.4.35 || =0.4.35.post1 || =0.4.36 || =0.4.37 || =0.4.38 || =0.4.39 || =0.4.4 || =0.4.4.post1 || =0.4.4.post2 || =0.4.40 || =0.4.5 || =0.4.6 || =0.4.7 || =0.4.8 || =0.4.9 || =0.5.0 || =0.5.1 || =0.5.10 || =0.5.11 || =0.5.12 || =0.5.13 || =0.5.13.post1 || =0.5.15 || =0.5.16 || =0.5.17 || =0.5.17.post1 || =0.5.18 || =0.5.19 || =0.5.2 || =0.5.20 || =0.5.21 || =0.5.22 || =0.5.23 || =0.5.23.post1 || =0.5.25 || =0.5.26 || =0.5.27 || =0.5.3 || =0.5.4 || =0.5.5 || =0.5.6 || =0.5.7 || =0.5.8 || =0.5.9 || =0.6.0 || =0.6.0a1 || =0.6.0a2 || =0.6.0a3 || =0.6.0a4 || =0.6.0a5 || =0.6.0a6 || =0.6.0a7 || =0.6.1 || =0.6.10 || =0.6.10.post1 || =0.6.11 || =0.6.12 || =0.6.13 || =0.6.14 || =0.6.15 || =0.6.16 || =0.6.16.post1 || =0.6.17 || =0.6.18 || =0.6.19 || =0.6.2 || =0.6.20 || =0.6.21.post1 || =0.6.22 || =0.6.23 || =0.6.24 || =0.6.25 || =0.6.25.post1 || =0.6.26 || =0.6.27 || =0.6.28 || =0.6.29 || =0.6.30 || =0.6.31 || =0.6.32 || =0.6.33 || =0.6.34 || =0.6.34.post1 || =0.6.35 || =0.6.36 || =0.6.37 || =0.6.38 || =0.6.38.post1 || =0.6.4 || =0.6.5 || =0.6.6 || =0.6.7 || =0.6.8 || =0.6.9 || =0.7.0 || =0.7.1 || =0.7.10 || =0.7.10.post1 || =0.7.11 || =0.7.11.post1 || =0.7.12 || =0.7.13 || =0.7.14 || =0.7.15 || =0.7.16 || =0.7.17 || =0.7.18 || =0.7.19 || =0.7.2 || =0.7.20 || =0.7.21 || =0.7.22 || =0.7.23 || =0.7.24.post1 || =0.7.3 || =0.7.4 || =0.7.5 || =0.7.6 || =0.7.7 || =0.7.8 || =0.7.9 || =0.8.0 || =0.8.1 || =0.8.1.post1 || =0.8.10 || =0.8.10.post1 || =0.8.11 || =0.8.11.post1 || =0.8.11.post2 || =0.8.11.post3 || =0.8.12 || =0.8.13 || =0.8.14 || =0.8.15 || =0.8.16 || =0.8.17 || =0.8.18 || =0.8.19 || =0.8.2 || =0.8.2.post1 || =0.8.20 || =0.8.21 || =0.8.22 || =0.8.23 || =0.8.23.post1 || =0.8.24 || =0.8.24.post1 || =0.8.25 || =0.8.26 || =0.8.26.post1 || =0.8.27 || =0.8.28 || =0.8.28a1 || =0.8.29 || =0.8.29.post1 || =0.8.3 || =0.8.30 || =0.8.31 || =0.8.32 || =0.8.33 || =0.8.34 || =0.8.35 || =0.8.36 || =0.8.37 || =0.8.38 || =0.8.39 || =0.8.39.post2 || =0.8.4 || =0.8.40 || =0.8.41 || =0.8.42 || =0.8.43 || =0.8.43.post1 || =0.8.44 || =0.8.45 || =0.8.45.post1 || =0.8.46 || =0.8.47 || =0.8.48 || =0.8.49 || =0.8.5 || =0.8.5.post1 || =0.8.5.post2 || =0.8.50 || =0.8.51 || =0.8.51.post1 || =0.8.52 || =0.8.53 || =0.8.53.post3 || =0.8.54 || =0.8.55 || =0.8.56 || =0.8.57 || =0.8.58 || =0.8.59 || =0.8.6 || =0.8.61 || =0.8.62 || =0.8.63.post1 || =0.8.63.post2 || =0.8.64 || =0.8.64.post1 || =0.8.65 || =0.8.66 || =0.8.67 || =0.8.68 || =0.8.69 || =0.8.69.post1 || =0.8.69.post2 || =0.8.7 || =0.8.8 || =0.8.9 || =0.9.0 || =0.9.0.post1 || =0.9.0a1 || =0.9.0a2 || =0.9.0a3 || =0.9.1 || =0.9.10 || =0.9.10a1 || =0.9.10a2 || =0.9.11 || =0.9.11.post1 || =0.9.12 || =0.9.12a1 || =0.9.12a2 || =0.9.12a3 || =0.9.12a4 || =0.9.12a5 || =0.9.12a6 || =0.9.13 || =0.9.14 || =0.9.14.post1 || =0.9.14.post2 || =0.9.14.post3 || =0.9.15 || =0.9.15.post1 || =0.9.15.post2 || =0.9.16 || =0.9.16.dev1 || =0.9.16.dev2 || =0.9.16.post1 || =0.9.17 || =0.9.17.dev1 || =0.9.18 || =0.9.19 || =0.9.2 || =0.9.20 || =0.9.21 || =0.9.22 || =0.9.23 || =0.9.24 || =0.9.25 || =0.9.25.post1 || =0.9.25a1 || =0.9.25a2 || =0.9.26 || =0.9.27 || =0.9.28 || =0.9.28.post1 || =0.9.28.post2 || =0.9.29 || =0.9.3 || =0.9.3.post1 || =0.9.30 || =0.9.31 || =0.9.32 || =0.9.33 || =0.9.33a2 || =0.9.33a3 || =0.9.33a4 || =0.9.33a5 || =0.9.33a6 || =0.9.34 || =0.9.35 || =0.9.36 || =0.9.37 || =0.9.37.post1 || =0.9.38 || =0.9.39 || =0.9.4 || =0.9.40 || =0.9.41 || =0.9.42 || =0.9.42.post1 || =0.9.42.post2 || =0.9.43 || =0.9.44 || =0.9.45 || =0.9.45.post1 || =0.9.46 || =0.9.47 || =0.9.48 || =0.9.5 || =0.9.6 || =0.9.6.post1 || =0.9.6.post2 || =0.9.7 || =0.9.8 || =0.9.8.post1 || =0.9.9 || >=0 <0.10.38

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:H/RL:U/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00255 pctl0.48716

Details

An issue was discovered in llama_index before 0.10.38. download/integration.py includes an exec call for import {cls_name}.

Metadata

Created: 2024-08-22T20:15:10Z
Modified: 2025-01-19T13:56:51.122469Z
Source: https://osv-vulnerabilities
CWE IDs: N/A
Alternative ID: N/A
Finding: F422
Auto approve: 1