CNNVD-202507-771 Information
Jul 07, 2025
cve
CNNVD ID
CNNVD-202507-771
Related CVE
- CNNVD Published: 2025-07-07
Description (Chinese)
LlamaIndex是LlamaIndex开源的一个 LLM 应用程序的数据框架。 LlamaIndex 0.12.22.post1及之前版本存在安全漏洞,该漏洞源于ArxivReader类生成文件名时存在MD5哈希冲突,可能导致数据丢失。
Description (English)
LlamaIndex is a data frame for an LLM application that is an open source for LlamaIndex. LlamaIndex 0.12.2.post1 and previous versions had a security loophole, which originated in the MD5-Hashi conflict at the time the ArxivReader category generated the file name, which could lead to data loss.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
LlamaIndex
Published
2025-07-07
Last Modified
2026-02-24
References
https://github.com/run-llama/llama_index/commit/0008041e8dde8e519621388e5d6f558bde6ef42e https://huntr.com/bounties/80182c3a-876f-422f-8bac-38267e0345d6 https://access.redhat.com/security/cve/cve-2025-3044
Patch
https://github.com/run-llama/llama_index/releases
Share on: