High severityNVD Advisory· Published Mar 20, 2025· Updated Oct 15, 2025
SQL Injection in run-llama/llama_index
CVE-2024-12911
Description
A vulnerability in the default_jsonalyzer function of the JSONalyzeQueryEngine in the run-llama/llama_index repository allows for SQL injection via prompt injection. This can lead to arbitrary file creation and Denial-of-Service (DoS) attacks. The vulnerability affects the latest version and is fixed in version 0.5.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
llama-indexPyPI | < 0.12.3 | 0.12.3 |
Affected products
2- Range: unspecified
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.