CVE-2023-39662 Information

Description

An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the exec parameter in PandasQueryEngine function.

Reference

https://github.com/jerryjliu/llama_index/issues/7054