pysec-2025-11
Vulnerability from pysec
Published
2025-03-20 10:15
Modified
2025-04-01 23:22
Severity ?
Details
A vulnerability in the KnowledgeBaseWebReader class of the run-llama/llama_index repository, version latest, allows an attacker to cause a Denial of Service (DoS) by controlling a URL variable to contain the root URL. This leads to infinite recursive calls to the get_article_urls method, exhausting system resources and potentially crashing the application.
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "llama-index",
"purl": "pkg:pypi/llama-index"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "159ce485a1168100bb219dc1b93133f1121579d9"
}
],
"repo": "https://github.com/run-llama/llama_index",
"type": "GIT"
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.12.9"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.10.0",
"0.10.1",
"0.10.10",
"0.10.11",
"0.10.12",
"0.10.13",
"0.10.13.post1",
"0.10.14",
"0.10.15",
"0.10.16",
"0.10.17",
"0.10.18",
"0.10.19",
"0.10.20",
"0.10.22",
"0.10.23",
"0.10.24",
"0.10.25",
"0.10.26",
"0.10.27",
"0.10.28",
"0.10.29",
"0.10.3",
"0.10.30",
"0.10.31",
"0.10.32",
"0.10.33",
"0.10.34",
"0.10.35",
"0.10.36",
"0.10.37",
"0.10.38",
"0.10.39",
"0.10.4",
"0.10.40",
"0.10.41",
"0.10.42",
"0.10.43",
"0.10.44",
"0.10.45",
"0.10.45.post1",
"0.10.46",
"0.10.47",
"0.10.48",
"0.10.48.post1",
"0.10.49",
"0.10.5",
"0.10.50",
"0.10.51",
"0.10.52",
"0.10.53",
"0.10.54",
"0.10.54.post1",
"0.10.55",
"0.10.56",
"0.10.57",
"0.10.58",
"0.10.59",
"0.10.5a1",
"0.10.6",
"0.10.61",
"0.10.62",
"0.10.63",
"0.10.64",
"0.10.65",
"0.10.67.post1",
"0.10.68",
"0.10.7",
"0.10.8",
"0.10.9",
"0.11.0",
"0.11.1",
"0.11.10",
"0.11.11",
"0.11.12",
"0.11.13",
"0.11.14",
"0.11.15",
"0.11.16",
"0.11.17",
"0.11.18",
"0.11.19",
"0.11.2",
"0.11.20",
"0.11.21",
"0.11.22",
"0.11.23",
"0.11.3",
"0.11.4",
"0.11.5",
"0.11.6",
"0.11.7",
"0.11.8",
"0.11.9",
"0.12.0",
"0.12.1",
"0.12.2",
"0.12.3",
"0.12.4",
"0.12.5",
"0.12.6",
"0.12.7",
"0.12.8",
"0.4.10",
"0.4.11",
"0.4.12",
"0.4.13",
"0.4.14",
"0.4.15",
"0.4.16",
"0.4.17",
"0.4.18",
"0.4.19",
"0.4.20",
"0.4.21",
"0.4.22",
"0.4.22.post1",
"0.4.23",
"0.4.24",
"0.4.25",
"0.4.26",
"0.4.27",
"0.4.28",
"0.4.29",
"0.4.30",
"0.4.31",
"0.4.32",
"0.4.33",
"0.4.34",
"0.4.35",
"0.4.35.post1",
"0.4.36",
"0.4.37",
"0.4.38",
"0.4.39",
"0.4.4",
"0.4.4.post1",
"0.4.4.post2",
"0.4.40",
"0.4.5",
"0.4.6",
"0.4.7",
"0.4.8",
"0.4.9",
"0.5.0",
"0.5.1",
"0.5.10",
"0.5.11",
"0.5.12",
"0.5.13",
"0.5.13.post1",
"0.5.15",
"0.5.16",
"0.5.17",
"0.5.17.post1",
"0.5.18",
"0.5.19",
"0.5.2",
"0.5.20",
"0.5.21",
"0.5.22",
"0.5.23",
"0.5.23.post1",
"0.5.25",
"0.5.26",
"0.5.27",
"0.5.3",
"0.5.4",
"0.5.5",
"0.5.6",
"0.5.7",
"0.5.8",
"0.5.9",
"0.6.0",
"0.6.0a1",
"0.6.0a2",
"0.6.0a3",
"0.6.0a4",
"0.6.0a5",
"0.6.0a6",
"0.6.0a7",
"0.6.1",
"0.6.10",
"0.6.10.post1",
"0.6.11",
"0.6.12",
"0.6.13",
"0.6.14",
"0.6.15",
"0.6.16",
"0.6.16.post1",
"0.6.17",
"0.6.18",
"0.6.19",
"0.6.2",
"0.6.20",
"0.6.21.post1",
"0.6.22",
"0.6.23",
"0.6.24",
"0.6.25",
"0.6.25.post1",
"0.6.26",
"0.6.27",
"0.6.28",
"0.6.29",
"0.6.30",
"0.6.31",
"0.6.32",
"0.6.33",
"0.6.34",
"0.6.34.post1",
"0.6.35",
"0.6.36",
"0.6.37",
"0.6.38",
"0.6.38.post1",
"0.6.4",
"0.6.5",
"0.6.6",
"0.6.7",
"0.6.8",
"0.6.9",
"0.7.0",
"0.7.1",
"0.7.10",
"0.7.10.post1",
"0.7.11",
"0.7.11.post1",
"0.7.12",
"0.7.13",
"0.7.14",
"0.7.15",
"0.7.16",
"0.7.17",
"0.7.18",
"0.7.19",
"0.7.2",
"0.7.20",
"0.7.21",
"0.7.22",
"0.7.23",
"0.7.24.post1",
"0.7.3",
"0.7.4",
"0.7.5",
"0.7.6",
"0.7.7",
"0.7.8",
"0.7.9",
"0.8.0",
"0.8.1",
"0.8.1.post1",
"0.8.10",
"0.8.10.post1",
"0.8.11",
"0.8.11.post1",
"0.8.11.post2",
"0.8.11.post3",
"0.8.12",
"0.8.13",
"0.8.14",
"0.8.15",
"0.8.16",
"0.8.17",
"0.8.18",
"0.8.19",
"0.8.2",
"0.8.2.post1",
"0.8.20",
"0.8.21",
"0.8.22",
"0.8.23",
"0.8.23.post1",
"0.8.24",
"0.8.24.post1",
"0.8.25",
"0.8.26",
"0.8.26.post1",
"0.8.27",
"0.8.28",
"0.8.28a1",
"0.8.29",
"0.8.29.post1",
"0.8.3",
"0.8.30",
"0.8.31",
"0.8.32",
"0.8.33",
"0.8.34",
"0.8.35",
"0.8.36",
"0.8.37",
"0.8.38",
"0.8.39",
"0.8.39.post2",
"0.8.4",
"0.8.40",
"0.8.41",
"0.8.42",
"0.8.43",
"0.8.43.post1",
"0.8.44",
"0.8.45",
"0.8.45.post1",
"0.8.46",
"0.8.47",
"0.8.48",
"0.8.49",
"0.8.5",
"0.8.5.post1",
"0.8.5.post2",
"0.8.50",
"0.8.51",
"0.8.51.post1",
"0.8.52",
"0.8.53",
"0.8.53.post3",
"0.8.54",
"0.8.55",
"0.8.56",
"0.8.57",
"0.8.58",
"0.8.59",
"0.8.6",
"0.8.61",
"0.8.62",
"0.8.63.post1",
"0.8.63.post2",
"0.8.64",
"0.8.64.post1",
"0.8.65",
"0.8.66",
"0.8.67",
"0.8.68",
"0.8.69",
"0.8.69.post1",
"0.8.69.post2",
"0.8.7",
"0.8.8",
"0.8.9",
"0.9.0",
"0.9.0.post1",
"0.9.0a1",
"0.9.0a2",
"0.9.0a3",
"0.9.1",
"0.9.10",
"0.9.10a1",
"0.9.10a2",
"0.9.11",
"0.9.11.post1",
"0.9.12",
"0.9.12a1",
"0.9.12a2",
"0.9.12a3",
"0.9.12a4",
"0.9.12a5",
"0.9.12a6",
"0.9.13",
"0.9.14",
"0.9.14.post1",
"0.9.14.post2",
"0.9.14.post3",
"0.9.15",
"0.9.15.post1",
"0.9.15.post2",
"0.9.16",
"0.9.16.dev1",
"0.9.16.dev2",
"0.9.16.post1",
"0.9.17",
"0.9.17.dev1",
"0.9.18",
"0.9.19",
"0.9.2",
"0.9.20",
"0.9.21",
"0.9.22",
"0.9.23",
"0.9.24",
"0.9.25",
"0.9.25.post1",
"0.9.25a1",
"0.9.25a2",
"0.9.26",
"0.9.27",
"0.9.28",
"0.9.28.post1",
"0.9.28.post2",
"0.9.29",
"0.9.3",
"0.9.3.post1",
"0.9.30",
"0.9.31",
"0.9.32",
"0.9.33",
"0.9.33a2",
"0.9.33a3",
"0.9.33a4",
"0.9.33a5",
"0.9.33a6",
"0.9.34",
"0.9.35",
"0.9.36",
"0.9.37",
"0.9.37.post1",
"0.9.38",
"0.9.39",
"0.9.4",
"0.9.40",
"0.9.41",
"0.9.42",
"0.9.42.post1",
"0.9.42.post2",
"0.9.43",
"0.9.44",
"0.9.45",
"0.9.45.post1",
"0.9.46",
"0.9.47",
"0.9.48",
"0.9.5",
"0.9.6",
"0.9.6.post1",
"0.9.6.post2",
"0.9.7",
"0.9.8",
"0.9.8.post1",
"0.9.9"
]
}
],
"aliases": [
"CVE-2024-12910"
],
"details": "A vulnerability in the `KnowledgeBaseWebReader` class of the run-llama/llama_index repository, version latest, allows an attacker to cause a Denial of Service (DoS) by controlling a URL variable to contain the root URL. This leads to infinite recursive calls to the `get_article_urls` method, exhausting system resources and potentially crashing the application.",
"id": "PYSEC-2025-11",
"modified": "2025-04-01T23:22:47.294256+00:00",
"published": "2025-03-20T10:15:31+00:00",
"references": [
{
"type": "EVIDENCE",
"url": "https://huntr.com/bounties/27883f22-35ff-49df-aaa5-05031c7d6ad8"
},
{
"type": "FIX",
"url": "https://github.com/run-llama/llama_index/commit/159ce485a1168100bb219dc1b93133f1121579d9"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.