CNNVD-202601-1884 Information

CNNVD ID

CNNVD-202601-1884

CVE-2024-58339

  • CNNVD Published: 2026-01-12

Description

LlamaIndex is an open-source data framework for LLM applications from LlamaIndex. LlamaIndex 0.12.2 and earlier versions contain a vulnerability that stems from the VannaPack VannaQueryEngine implementation not enforcing query execution limits, which may lead to resource-consumption denial-of-service attacks.

Hazard Level

Medium

Vulnerability Type

Other

Affected Vendor

LlamaIndex

Published

2026-01-12

Last Modified

2026-02-24

References

https://github.com/run-llama/llama_index
https://huntr.com/bounties/a1d6c30d-fce0-412a-bd22-14e0d4c1fa1f
https://www.llamaindex.ai/
https://www.vulncheck.com/advisories/llamaindex-vannaqueryengine-sql-execution-allows-resource-exhaustion
https://access.redhat.com/security/cve/cve-2024-58339

Patch

https://github.com/run-llama/llama_index/releases
