Medium osv · GHSA-2xxc-73fv-36f7

llama-index vulnerable to arbitrary code execution

Published Aug 15, 2023 CVSS 4.0

An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the `exec` parameter in PandasQueryEngine function.

Remote Code Execution

Affected AI Products

llama-index

View original source