AVID-2026-R1271
Description
Vulnerability CVE-2023-39662
Details
An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the exec parameter in the PandasQueryEngine function.
Reason for inclusion in AVID: CVE-2023-39662 describes a remote code execution vulnerability via the exec parameter in the PandasQueryEngine of llama_index, a Python library commonly used to build AI/ML applications and pipelines. This is a software vulnerability in a component (library) that is part of AI system stacks, affecting the software supply chain (dependencies, runtimes, and frameworks used to deploy AI solutions). It directly concerns AI/ML software and its safe operation, not hardware/firmware only.
References
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | n/a |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2023-08-15
- Version: 0.3.3
- AVID Entry