Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/llama-index@0.12.39
Typepypi
Namespace
Namellama-index
Version0.12.39
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version0.12.41
Latest_non_vulnerable_version0.12.41
Affected_by_vulnerabilities
0
url VCID-pwa9-7xgw-vkgu
vulnerability_id VCID-pwa9-7xgw-vkgu
summary A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the `encode_image` function in `generic_utils.py`. This vulnerability allows an attacker to manipulate the `image_path` input to read arbitrary files on the server, including sensitive system files. The issue arises due to improper validation or sanitization of the file path, enabling path traversal sequences to access files outside the intended directory. The vulnerability is fixed in version 0.12.41.
references
0
reference_url https://github.com/run-llama/llama_index/commit/cdeaab91a204d1c3527f177dac37390327aef274
reference_id
reference_type
scores
url https://github.com/run-llama/llama_index/commit/cdeaab91a204d1c3527f177dac37390327aef274
1
reference_url https://huntr.com/bounties/e89d14f8-bfe8-4c9a-bb2a-656c01cc9a68
reference_id
reference_type
scores
url https://huntr.com/bounties/e89d14f8-bfe8-4c9a-bb2a-656c01cc9a68
fixed_packages
0
url pkg:pypi/llama-index@0.12.41
purl pkg:pypi/llama-index@0.12.41
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.41
aliases CVE-2025-6209, PYSEC-2025-65
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pwa9-7xgw-vkgu
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.39