Critical severityNVD Advisory· Published Aug 15, 2023· Updated Oct 8, 2024
CVE-2023-39662
CVE-2023-39662
Description
An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the exec parameter in PandasQueryEngine function.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
llama-indexPyPI | < 0.9.14 | 0.9.14 |
Affected products
2- llama_index/llama_indexdescription
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-2xxc-73fv-36f7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-39662ghsaADVISORY
- github.com/jerryjliu/llama_index/issues/7054ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/llama-index/PYSEC-2023-148.yamlghsaWEB
- github.com/run-llama/llama_index/commit/9f3e50a803f519af9ab62e63d413441c43001d81ghsaWEB
- github.com/run-llama/llama_index/commit/aa6726706476e0f957a8d57a5ca89e519e93bad7ghsaWEB
News mentions
0No linked articles in our index yet.