A SQL injection vulnerability exists in the `duckdb_retriever` component of the run-llama/llama_index repository, specifically in the latest version. The vulnerability arises from the construction of SQL queries without using prepared statements, allowing an attacker to inject arbitrary SQL code. This can lead to remote code execution (RCE) by installing the shellfs extension and executing malicious commands.
The vulnerability results from constructing SQL queries without using prepared statements in the `duckdb_retriever` component. An attacker can inject arbitrary SQL code through unfiltered user input. The exploit involves leveraging the shellfs extension installation mechanism in the DuckDB engine, which allows execution of arbitrary system commands (RCE). The attack vector is network-based, requires no authentication or user interaction.
An attacker can gain full access to data stored in the database and execute arbitrary operating system commands on the server hosting the application, which may lead to complete system takeover.
The LlamaIndex library should be updated to a version containing the patch described in commit 35bd221e948e40458052d30c6ef2779bc965b6d0 in the run-llama/llama_index repository. Until the patch is implemented, it is recommended to restrict access to the `duckdb_retriever` component and enforce strict input data validation.
The latest version of the run-llama/llama_index library (duckdb_retriever component) — specific versions indicated in vendor references
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLlamaindex
APPLlamaindex< 0.4.0
Related vulnerabilities
SQL injection w LlamaIndex — nieautoryzowany dostęp do danych przez integracje vector store
SQL Injection w DuckDBVectorStore umożliwiający RCE (LlamaIndex)
SQL Injection i RCE w FinanceChatLlamaPack biblioteki LlamaIndex
Command injection w LlamaIndex — obejście safe_eval umożliwia RCE
SQL injection w LlamaIndex przez funkcję Text-to-SQL