VYPR
High severityNVD Advisory· Published Mar 20, 2025· Updated Oct 15, 2025

SQL Injection in run-llama/llama_index

CVE-2024-12911

Description

A vulnerability in the default_jsonalyzer function of the JSONalyzeQueryEngine in the run-llama/llama_index repository allows for SQL injection via prompt injection. This can lead to arbitrary file creation and Denial-of-Service (DoS) attacks. The vulnerability affects the latest version and is fixed in version 0.5.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
llama-indexPyPI
< 0.12.30.12.3

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.