Medium osv · GHSA-2xxc-73fv-36f7

llama-index vulnerable to arbitrary code execution

Published Aug 15, 2023 CVSS 4.0

An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the exec parameter in PandasQueryEngine function.

Remote Code Execution

Affected AI Products

llama-index

View original source

Get the weekly digest. Every Monday: top AI security stories of the week. Free.