CVE-2023-39662

Severity CVSS v4.0:
Pending analysis
Type:
CWE-74 Injection
Publication date:
15/08/2023
Last modified:
22/08/2023

Description

An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the `exec` parameter in PandasQueryEngine function.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:llamaindex_project:llamaindex:*:*:*:*:*:python:*:* 0.7.13 (including)


References to Advisories, Solutions, and Tools