CRITICAL🇵🇱 Wersja polska

CVE-2024-11958

CVSS 9.8v3.0pub. 2025-03-20upd. 2025-07-29

A SQL injection vulnerability exists in the `duckdb_retriever` component of the run-llama/llama_index repository, specifically in the latest version. The vulnerability arises from the construction of SQL queries without using prepared statements, allowing an attacker to inject arbitrary SQL code. This can lead to remote code execution (RCE) by installing the shellfs extension and executing malicious commands.

🤖 AI Analysis
How it works

The vulnerability results from constructing SQL queries without using prepared statements in the `duckdb_retriever` component. An attacker can inject arbitrary SQL code through unfiltered user input. The exploit involves leveraging the shellfs extension installation mechanism in the DuckDB engine, which allows execution of arbitrary system commands (RCE). The attack vector is network-based, requires no authentication or user interaction.

Impact

An attacker can gain full access to data stored in the database and execute arbitrary operating system commands on the server hosting the application, which may lead to complete system takeover.

Mitigation & patch

The LlamaIndex library should be updated to a version containing the patch described in commit 35bd221e948e40458052d30c6ef2779bc965b6d0 in the run-llama/llama_index repository. Until the patch is implemented, it is recommended to restrict access to the `duckdb_retriever` component and enforce strict input data validation.

Who is affected

The latest version of the run-llama/llama_index library (duckdb_retriever component) — specific versions indicated in vendor references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Llamaindex

    APP
    Llamaindex
    < 0.4.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCESQLi
CWE
References

Related vulnerabilities

CVE-2025-1793CRITICAL9.8PL ✓ten sam produkt

SQL injection w LlamaIndex — nieautoryzowany dostęp do danych przez integracje vector store

CVE-2025-1750CRITICAL9.8PL ✓ten sam produkt

SQL Injection w DuckDBVectorStore umożliwiający RCE (LlamaIndex)

CVE-2024-12909CRITICAL9.8PL ✓ten sam produkt

SQL Injection i RCE w FinanceChatLlamaPack biblioteki LlamaIndex

CVE-2024-3271CRITICAL9.8PL ✓ten sam produkt

Command injection w LlamaIndex — obejście safe_eval umożliwia RCE

CVE-2024-23751CRITICAL9.8PL ✓ten sam produkt

SQL injection w LlamaIndex przez funkcję Text-to-SQL