AVID-2026-R1532
Description
Vulnerability CVE-2024-45201
Details
An issue was discovered in llama_index before 0.10.38. download/integration.py includes an exec call for import {cls_name}.
Reason for inclusion in AVID: CVE-2024-45201 affects llama_index prior to 0.10.38 and involves an exec call for dynamic import, creating a potential code execution vulnerability in a software library commonly used in AI pipelines. This is a software supply-chain issue (a dependency used to build/run AI systems) with clear security risk, not hardware-only. Sufficient evidence is provided by the CVE description and references to the fix/release notes.
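The risk in an `exec` call built around `import {cls_name}` is that the name is spliced into source text, so anything after a valid module name runs as code. The sketch below is an added example, not llama_index code and not the project's actual fix; `import_with_exec`, `import_checked`, the allowlist and the sample input are all hypothetical names and values constructed for illustration.

```python
import importlib
import re

# A dotted module path: identifiers separated by dots and nothing else.
_MODULE_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)*")


def import_with_exec(cls_name, scope):
    """Pattern the advisory describes: the name becomes part of executed source."""
    exec(f"import {cls_name}", scope)


def import_checked(cls_name, allowed_top_level=("json", "collections")):
    """Hardened form: the name is treated as data and never compiled as code.

    allowed_top_level is an assumed allowlist; a real loader would list the
    packages it is actually meant to import.
    """
    if not isinstance(cls_name, str) or not _MODULE_NAME.fullmatch(cls_name):
        raise ValueError(f"not a module name: {cls_name!r}")
    if cls_name.split(".", 1)[0] not in allowed_top_level:
        raise ValueError(f"module not on allowlist: {cls_name!r}")
    return importlib.import_module(cls_name)


def demo():
    # Constructed input: a valid module name followed by a harmless extra statement.
    crafted = "json; injected = True"

    scope = {}
    import_with_exec(crafted, scope)
    exec_ran_extra_statement = scope.get("injected") is True

    try:
        import_checked(crafted)
        checked_rejected = False
    except ValueError:
        checked_rejected = True

    # A legitimate dotted name still loads through the checked path.
    module = import_checked("json.decoder")
    return exec_ran_extra_statement, checked_rejected, module.__name__


if __name__ == "__main__":
    print(demo())
```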
References
- NVD entry
- https://github.com/run-llama/llama_index/pull/13523
- https://github.com/run-llama/llama_index/compare/v0.10.37...v0.10.38
Affected or Relevant Artifacts
- Developer: n/a
- Deployer: n/a
- Artifact Details:
| Type | Name |
|---|---|
| System | n/a |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2024-08-22
- Version: 0.3.3
- AVID Entry