{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37091?format=json","vulnerability_id":"VCID-pwa9-7xgw-vkgu","summary":"A path traversal vulnerability exists in run-llama/llama_index versions 0.12.27 through 0.12.40, specifically within the `encode_image` function in `generic_utils.py`. This vulnerability allows an attacker to manipulate the `image_path` input to read arbitrary files on the server, including sensitive system files. The issue arises due to improper validation or sanitization of the file path, enabling path traversal sequences to access files outside the intended directory. The vulnerability is fixed in version 0.12.41.","aliases":[{"alias":"CVE-2025-6209"},{"alias":"PYSEC-2025-65"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46022?format=json","purl":"pkg:pypi/llama-index@0.12.41","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.41"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/46008?format=json","purl":"pkg:pypi/llama-index@0.12.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pwa9-7xgw-vkgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.27"},{"url":"http://public2.vulnerablecode.io/api/packages/46009?format=json","purl":"pkg:pypi/llama-index@0.12.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pwa9-7xgw-vkgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.28"},{"url":"http://public2.vulnerablecode.io/api/packages/46010?format=json","purl":"pkg:pypi/llama-index@0.12.29","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pwa9-7xgw-vkgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.29"},{"url":"http://public2.vulnerablecode.io/api/packages/46011?format=json","purl":"pkg:pypi/llama-index@0.12.30","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pwa9-7xgw-vkgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.30"},{"url":"http://public2.vulnerablecode.io/api/packages/46012?format=json","purl":"pkg:pypi/llama-index@0.12.31","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pwa9-7xgw-vkgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.31"},{"url":"http://public2.vulnerablecode.io/api/packages/46013?format=json","purl":"pkg:pypi/llama-index@0.12.32","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pwa9-7xgw-vkgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.32"},{"url":"http://public2.vulnerablecode.io/api/packages/46014?format=json","purl":"pkg:pypi/llama-index@0.12.33","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pwa9-7xgw-vkgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.33"},{"url":"http://public2.vulnerablecode.io/api/packages/46015?format=json","purl":"pkg:pypi/llama-index@0.12.34","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pwa9-7xgw-vkgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.34"},{"url":"http://public2.vulnerablecode.io/api/packages/46016?format=json","purl":"pkg:pypi/llama-index@0.12.35","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pwa9-7xgw-vkgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.35"},{"url":"http://public2.vulnerablecode.io/api/packages/46017?format=json","purl":"pkg:pypi/llama-index@0.12.36","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pwa9-7xgw-vkgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.36"},{"url":"http://public2.vulnerablecode.io/api/packages/46018?format=json","purl":"pkg:pypi/llama-index@0.12.37","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pwa9-7xgw-vkgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.37"},{"url":"http://public2.vulnerablecode.io/api/packages/46019?format=json","purl":"pkg:pypi/llama-index@0.12.38","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pwa9-7xgw-vkgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.38"},{"url":"http://public2.vulnerablecode.io/api/packages/46020?format=json","purl":"pkg:pypi/llama-index@0.12.39","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pwa9-7xgw-vkgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.39"},{"url":"http://public2.vulnerablecode.io/api/packages/46021?format=json","purl":"pkg:pypi/llama-index@0.12.40","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pwa9-7xgw-vkgu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/llama-index@0.12.40"}],"references":[{"reference_url":"https://github.com/run-llama/llama_index/commit/cdeaab91a204d1c3527f177dac37390327aef274","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/run-llama/llama_index/commit/cdeaab91a204d1c3527f177dac37390327aef274"},{"reference_url":"https://huntr.com/bounties/e89d14f8-bfe8-4c9a-bb2a-656c01cc9a68","reference_id":"","reference_type":"","scores":[],"url":"https://huntr.com/bounties/e89d14f8-bfe8-4c9a-bb2a-656c01cc9a68"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pwa9-7xgw-vkgu"}