CVE-2024-12910 Information
Description
A vulnerability in the KnowledgeBaseWebReader class of the run-llama/llama_index repository version latest allows an attacker to cause a Denial of Service (DoS) by controlling a URL variable to contain the root URL. This leads to infinite recursive calls to the get_article_urls method exhausting system resources and potentially crashing the application.
Reference
https://github.com/run-llama/llama_index/commit/159ce485a1168100bb219dc1b93133f1121579d9
https://huntr.com/bounties/27883f22-35ff-49df-aaa5-05031c7d6ad8
https://huntr.com/bounties/27883f22-35ff-49df-aaa5-05031c7d6ad8
A
vulnerability
in
the
KnowledgeBaseWebReader
class
of
the
run-llama/llama_index
repository
version
latest
allows
an
attacker
to
cause
a
Denial
of
Service
(DoS)
by
controlling
a
URL
variable
to
contain
the
root
URL.
This
leads
to
infinite
recursive
calls
to
the
get_article_urls
method
exhausting
system
resources
and
potentially
crashing
the
application.