CNNVD-202507-665 Information
Jul 07, 2025
cve
CNNVD ID
CNNVD-202507-665
Related CVE
- CNNVD Published: 2025-07-07
Description (Chinese)
LlamaIndex是LlamaIndex开源的一个 LLM 应用程序的数据框架。 LlamaIndex 0.12.27版本存在路径遍历漏洞,该漏洞源于ObsidianReader类中硬链接处理不当,可能导致路径遍历攻击。
Description (English)
LlamaIndex is a data frame for an LLM application that is an open source for LlamaIndex. The LlamaIndex 0.12.27 version has a loophole in its path, which stems from the inappropriate handling of hard links in the Obsidian Reader category, which could lead to a path attack.
Hazard Level
High
Vulnerability Type
路径遍历
Affected Vendor
LlamaIndex
Published
2025-07-07
Last Modified
2026-02-24
References
https://github.com/run-llama/llama_index/commit/a86c96ae0e662492eeb471b658ae849a93f628ff https://huntr.com/bounties/a654b322-a509-4448-a1f5-0f22850b4687 https://access.redhat.com/security/cve/cve-2025-6210
Patch
https://github.com/run-llama/llama_index/releases
Share on: