CVE-2024-4181
CVSS V2 None
CVSS V3 None
Description
A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, which is used with the RunGpt framework from JinaAI to connect to large language models (LLMs). The vulnerability arises from improper use of the eval function, which allows a malicious or compromised LLM hosting provider to execute arbitrary commands on the client's machine. The issue was fixed in version 0.10.13. Exploitation of this vulnerability could lead to a hosting provider gaining full control over client machines.
Overview
- CVE ID: CVE-2024-4181
- Assigner: @huntr_ai
- Vulnerability Status: PUBLISHED
- Published Version: 2024-05-16T09:03:47.278Z
- Last Modified Date: 2024-06-04T17:55:23.180Z
Weakness Enumerations
References
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-4181 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4181 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-06-23 21:58:30 | | | | Added to TrackCVE |