admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-4181.md
0xMarcio 1fb02038e8 Update CVE sources 2025-09-29 16:08
2025-09-29 16:08:36 +00:00

19 lines
1.1 KiB
Markdown
Raw Blame History

### [CVE-2024-4181](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4181)
![](https://img.shields.io/static/v1?label=Product&message=run-llama%2Fllama_index&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%200.10.13%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-94%20Improper%20Control%20of%20Generation%20of%20Code&color=brighgreen)
### Description
A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper use of the eval function, allowing a malicious or compromised LLM hosting provider to execute arbitrary commands on the client's machine. This issue was fixed in version 0.10.13. The exploitation of this vulnerability could lead to a hosting provider gaining full control over client machines.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/XiaomingX/weekly
- https://github.com/yux1azhengye/yux1azhengye
Reference in New Issue View Git Blame Copy Permalink