A critical Remote Code Execution (RCE) vulnerability (CVE-2024-3098) has been identified in LlamaIndex versions up to 0.10.24. This flaw stems from insufficient input validation within the `safe_eval` function of the `exec_utils` class, allowing attackers to inject malicious prompts. Successful exploitation can bypass method restrictions and lead to the execution of arbitrary code on the affected system; the proof of concept demonstrates this by creating a file.
The impact of CVE-2024-3098 is severe. An attacker can leverage prompt injection to execute arbitrary code, potentially gaining complete control over the system running LlamaIndex. This includes the ability to read, write, and execute files, install malware, and compromise sensitive data. The vulnerability bypasses previous mitigations for CVE-2023-39662, indicating a sophisticated attack surface. The demonstrated proof-of-concept involves creating files on the system, highlighting the potential for persistent compromise and data exfiltration. The blast radius extends to any application or service relying on vulnerable LlamaIndex instances.
CVE-2024-3098 is a high-priority vulnerability due to its CRITICAL CVSS score and the demonstrated proof-of-concept. It was publicly disclosed on April 10, 2024. The vulnerability bypasses previous mitigations for CVE-2023-39662, suggesting a potential for broader exploitation. No KEV listing or active exploitation campaigns have been publicly confirmed as of this writing, but the ease of exploitation and the severity of the impact warrant immediate attention.
Organizations utilizing LlamaIndex for applications involving natural language processing, data indexing, and question answering are at risk. This includes developers building AI-powered chatbots, knowledge retrieval systems, and other applications that rely on LlamaIndex's functionality. Specifically, those using older versions of LlamaIndex or those with less stringent input validation practices are particularly vulnerable.
• python / server:

```python
import subprocess
import sys

# Check the installed LlamaIndex version
result = subprocess.run(
    [sys.executable, '-m', 'pip', 'show', 'llama-index'],
    capture_output=True, text=True,
)
for line in result.stdout.splitlines():
    if line.startswith('Version:'):
        version = line.split(':', 1)[1].strip()
        # Compare numerically; a plain string comparison mis-orders versions
        parts = tuple(int(p) for p in version.split('.')[:3] if p.isdigit())
        if parts <= (0, 10, 24):
            print(f'Vulnerable LlamaIndex version detected: {version}')
```

• linux / server:

```bash
ps aux | grep llama_index
# Look for unusual processes or arguments
```

• generic web: Inspect LlamaIndex API endpoints for prompt injection vulnerabilities. Test with specially crafted prompts designed to execute system commands.
EPSS: 0.19% (41st percentile)
The primary mitigation for CVE-2024-3098 is to immediately upgrade LlamaIndex to version 0.10.24 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing strict input validation and sanitization on all prompts passed to LlamaIndex. While a WAF or proxy cannot directly prevent prompt injection, they can be configured to detect and block suspicious patterns. Monitor system logs for unusual file creation activity or unexpected process executions. Review and restrict the permissions granted to the LlamaIndex process to minimize potential damage in case of exploitation.
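Update the `llama_index` library to version 0.10.24 or later. This resolves the prompt injection vulnerability that allows arbitrary code execution. Use the pip package manager to perform the update: `pip install llama_index --upgrade`.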
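The flaw sits where model-generated code reaches `safe_eval`, so one place to apply the strict validation described above is on that code, before anything evaluates it. The following is an added example, not LlamaIndex's code or its fix: an allowlist check over the parsed syntax tree, where the function name `violations`, the three allowlists and the sample inputs are assumptions made for illustration (Python 3.9 or later).

```python
import ast

# Assumptions (not LlamaIndex code): generated code is one expression over a
# DataFrame bound to `df`, and only the names and attributes below are needed.
ALLOWED_NAMES = {"df", "len", "round"}
ALLOWED_ATTRS = {"shape", "columns", "mean", "sum", "count", "head", "max", "min"}
ALLOWED_NODES = (
    ast.Expression, ast.Name, ast.Load, ast.Constant, ast.Attribute, ast.Call,
    ast.Subscript, ast.Slice, ast.List, ast.Tuple, ast.keyword,
    ast.BinOp, ast.UnaryOp, ast.Compare, ast.BoolOp,
    ast.operator, ast.unaryop, ast.cmpop, ast.boolop,
)

def violations(source):
    """Return the reasons to refuse `source`; an empty list means it passed."""
    try:
        tree = ast.parse(source, mode="eval")  # statements (import, def) fail here
    except SyntaxError:
        return ["not a single expression"]
    found = []
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            found.append(f"node type not allowed: {type(node).__name__}")
        elif isinstance(node, ast.Name) and node.id not in ALLOWED_NAMES:
            found.append(f"name not allowed: {node.id}")
        elif isinstance(node, ast.Attribute) and node.attr not in ALLOWED_ATTRS:
            found.append(f"attribute not allowed: {node.attr}")
        elif isinstance(node, ast.Call) and not isinstance(
            node.func, (ast.Name, ast.Attribute)
        ):
            found.append("call through a computed target")
    return found

# Constructed sample inputs, not taken from any real exploit or log.
SAMPLES = [
    "df['price'].mean()",                     # passes
    "round(df['price'].sum() / len(df), 2)",  # passes
    "df.__class__",                           # refused: attribute off the list
    "import os",                              # refused: not an expression
    "df.query('price > 3')",                  # refused: method off the list
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r}: {violations(sample) or 'ok'}")
```

Because the check names what is permitted instead of what is forbidden, a method that nobody thought to block is refused by default; it complements the upgrade and the restricted process permissions recommended above.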
CVE-2024-3098 is a critical Remote Code Execution vulnerability in LlamaIndex versions up to 0.10.24. It allows attackers to execute arbitrary code through prompt injection due to insufficient input validation.
You are affected if you are using LlamaIndex version 0.10.24 or earlier. Upgrade to 0.10.24 or later to mitigate the risk.
The recommended fix is to upgrade LlamaIndex to version 0.10.24 or later. If upgrading is not possible, implement strict input validation and sanitization.
While no active exploitation campaigns have been publicly confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of future exploitation.
Refer to the LlamaIndex security advisory for detailed information and updates: [https://github.com/run-llama/llamaindex/security/advisories/GHSA-9835-5946-4997](https://github.com/run-llama/llamaindex/security/advisories/GHSA-9835-5946-4997)