Vulnerability	Vulnerable Version
H Improper Handling of Exceptional Conditions llama-index-core is an Interface between LLMs and your data Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions via the `stream_complete` method of the `LangChainLLM` class. An attacker can disrupt service availability by providing an input of type integer instead of a string and causing an error in the `stream` function where the thread terminates due to the error, but the process continues to run. How to fix Improper Handling of Exceptional Conditions? Upgrade `llama-index-core` to version 0.12.6 or higher.	[,0.12.6)
H SQL Injection llama-index-core is an Interface between LLMs and your data Affected versions of this package are vulnerable to SQL Injection in the `default_jsonalyzer()` function, which may allow arbitrary file writes or denial of service by occupying database resources. An attacker who can inject SQL into a prompt can cause the SQL commands to be run on the underlying sqlite instance, including `ATTACH FILE` commands, which create files on the filesystem. How to fix SQL Injection? Upgrade `llama-index-core` to version 0.12.3 or higher.	[,0.12.3)

Improper Handling of Exceptional Conditions

llama-index-core is an Interface between LLMs and your data

Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions via the stream_complete method of the LangChainLLM class. An attacker can disrupt service availability by providing an input of type integer instead of a string and causing an error in the stream function where the thread terminates due to the error, but the process continues to run.

How to fix Improper Handling of Exceptional Conditions?

Upgrade llama-index-core to version 0.12.6 or higher.

[,0.12.6)

SQL Injection

llama-index-core is an Interface between LLMs and your data

Affected versions of this package are vulnerable to SQL Injection in the default_jsonalyzer() function, which may allow arbitrary file writes or denial of service by occupying database resources. An attacker who can inject SQL into a prompt can cause the SQL commands to be run on the underlying sqlite instance, including ATTACH FILE commands, which create files on the filesystem.

How to fix SQL Injection?

Upgrade llama-index-core to version 0.12.3 or higher.

[,0.12.3)

Go back to all versions of this package