An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama/llama_index version v0.12.19. This vulnerability allows an attacker to manipulate the ref_doc_id parameter, enabling them to read and write arbitrary files on the server, potentially leading to remote code execution (RCE).
An attacker can manipulate the ref_doc_id parameter passed to the delete function in the DuckDBVectorStore class, which is not properly validated or escaped before being used in an SQL query. By crafting a malicious parameter value, it is possible to inject arbitrary SQL instructions. This in turn enables operations on the server file system, such as reading and writing arbitrary files, which can lead to complete system takeover through RCE.
An attacker can read and modify any files on the server, and in an extreme scenario obtain remote code execution (RCE), which means complete takeover of the system hosting the application.
Patches available from the vendor should be applied according to references — fix available in the GitHub repository (commit 369a2942df2efcf6b74461c45d20a0af1fbe4ae2). It is recommended to update the LlamaIndex library to the version containing the indicated patch as soon as possible.
LlamaIndex (run-llama/llama_index) version v0.12.19 — affects applications using the DuckDBVectorStore component.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLlamaindex
APPLlamaindex0.12.19 – 0.12.21 (bez)
Related vulnerabilities
SQL injection w LlamaIndex — nieautoryzowany dostęp do danych przez integracje vector store
SQL Injection i RCE w FinanceChatLlamaPack biblioteki LlamaIndex
SQL Injection umożliwiający RCE w komponencie duckdb_retriever biblioteki LlamaIndex
Command injection w LlamaIndex — obejście safe_eval umożliwia RCE
SQL injection w LlamaIndex przez funkcję Text-to-SQL