CVE-2024-4181

CVSS V2 None CVSS V3 None
Description
A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper use of the eval function, allowing a malicious or compromised LLM hosting provider to execute arbitrary commands on the client's machine. This issue was fixed in version 0.10.13. The exploitation of this vulnerability could lead to a hosting provider gaining full control over client machines.
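The bug class described above, shown as an added example that is not code from llama_index or RunGpt: a client that passes provider-supplied text to eval, next to a parser that accepts only JSON of an expected shape. The function names, the "choices"/"text" response fields and both sample responses are assumptions constructed for illustration.

```python
import json

# Constructed stand-in for anything evaluated text could reach on the client.
SIDE_EFFECTS = []

def parse_chunk_unsafe(data: str):
    """Vulnerable pattern: eval() runs whatever expression the provider sends."""
    return eval(data)  # deliberately vulnerable, kept only for comparison

def parse_chunk_safe(data: str) -> dict:
    """Hardened pattern: parse as JSON only, then check the expected shape."""
    try:
        obj = json.loads(data)
    except json.JSONDecodeError as exc:
        raise ValueError("provider response is not valid JSON") from exc
    if not isinstance(obj, dict):
        raise ValueError("provider response must be a JSON object")
    choices = obj.get("choices")  # hypothetical field name
    if not isinstance(choices, list) or not choices:
        raise ValueError("provider response has no 'choices' list")
    text = choices[0].get("text") if isinstance(choices[0], dict) else None
    if not isinstance(text, str):
        raise ValueError("choices[0].text must be a string")
    return {"text": text}

# Constructed sample inputs (not captured traffic).
BENIGN = '{"choices": [{"text": "hello"}]}'
# A provider-controlled expression instead of data; it only appends to a
# list here, standing in for arbitrary code running on the client.
HOSTILE = "SIDE_EFFECTS.append('ran') or {'choices': [{'text': 'hello'}]}"

def demo() -> dict:
    SIDE_EFFECTS.clear()
    results = {
        "unsafe_benign": parse_chunk_unsafe(BENIGN),
        "unsafe_hostile": parse_chunk_unsafe(HOSTILE),  # looks like a normal reply
    }
    results["side_effects_after_unsafe"] = list(SIDE_EFFECTS)
    results["safe_benign"] = parse_chunk_safe(BENIGN)
    try:
        parse_chunk_safe(HOSTILE)
        results["safe_hostile"] = "accepted"
    except ValueError as exc:
        results["safe_hostile"] = f"rejected: {exc}"
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The eval path returns an ordinary-looking reply for the hostile input, so the caller sees nothing wrong even though provider-chosen code has already run.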
Overview
  • CVE ID: CVE-2024-4181
  • Assigner: @huntr_ai
  • Vulnerability Status: PUBLISHED
  • Published Version: 2024-05-16T09:03:47.278Z
  • Last Modified Date: 2024-06-04T17:55:23.180Z
History
Created Old Value New Value Data Type Notes
2024-06-23 21:58:30 Added to TrackCVE