A vulnerability in the `default_jsonalyzer` function of the `JSONalyzeQueryEngine` in the run-llama/llama_index repository allows for SQL…
@huntr_ai·CWE-89·Published 2025-03-20
A vulnerability in the `default_jsonalyzer` function of the `JSONalyzeQueryEngine` in the run-llama/llama_index repository allows for SQL injection via prompt injection. This can lead to arbitrary file creation and Denial-of-Service (DoS) attacks. The vulnerability affects the latest version and is fixed in version 0.5.1.
A vulnerability in the `default_jsonalyzer` function of the `JSONalyzeQueryEngine` in the run-llama/llama_index repository allows for SQL injection via prompt injection. This can lead to arbitrary file creation and Denial-of-Service (DoS) attacks. The vulnerability affects the latest version and is fixed in version 0.12.3.
| CVSS version | Type | Source | Base score | Exploitability | Impact | Vector |
|---|---|---|---|---|---|---|
| 3.0 | Primary | cve.org | 7.1 | — | — | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H |
| 3.0 | Secondary | NVD | 7.1 | 2.8 | 4.2 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H |
| 3.1 | Secondary | GHSA | 7.1 | — | — | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H |