CNNVD-202507-680 Information
Jul 07, 2025
cve
CNNVD ID
CNNVD-202507-680
Related CVE
- CNNVD Published: 2025-07-07
Description (Chinese)
LlamaIndex是LlamaIndex开源的一个 LLM 应用程序的数据框架。 LlamaIndex 0.12.27至0.12.40版本存在安全漏洞,该漏洞源于generic_utils.py中encode_image函数路径验证不足,可能导致路径遍历攻击。
Description (English)
LlamaIndex is a data frame for an LLM application that is an open source for LlamaIndex. The LlamaIndex versions 0.12.27 to 0.12.40 contain a security loophole that originates from the inadequate verification of the encode image function path in the generic utils.py, which could lead to a path attack.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
LlamaIndex
Published
2025-07-07
Last Modified
2026-02-24
References
https://nvd.nist.gov/vuln/detail/CVE-2025-6209 https://access.redhat.com/security/cve/cve-2025-6209
Patch
https://github.com/run-llama/llama_index/releases
Share on: