VYPR

PyPI package

llama-index-packs-finchat

pkg:pypi/llama-index-packs-finchat

Vulnerabilities (1)

  • CVE-2024-12909Mar 20, 2025
    affected <= 0.3.0

    A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for SQL injection in the `run_sql_query` function of the `database_agent`. This vulnerability can be exploited by an attacker to inject arbitrary SQL queries, leadi