{"id":"PYSEC-2024-12","details":"LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this year's student records via \"Drop the Students table\" within English language input.","aliases":["CVE-2024-23751","GHSA-2jxw-4hm4-6w87"],"modified":"2024-02-10T01:22:25.611009Z","published":"2024-01-22T01:15:00Z","references":[{"type":"REPORT","url":"https://github.com/run-llama/llama_index/issues/9957"}],"affected":[{"package":{"name":"llama-index","ecosystem":"PyPI","purl":"pkg:pypi/llama-index"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.9.35"}]}],"versions":["0.4.10","0.4.11","0.4.12","0.4.13","0.4.14","0.4.15","0.4.16","0.4.17","0.4.18","0.4.19","0.4.20","0.4.21","0.4.22","0.4.22.post1","0.4.23","0.4.24","0.4.25","0.4.26","0.4.27","0.4.28","0.4.29","0.4.30","0.4.31","0.4.32","0.4.33","0.4.34","0.4.35","0.4.35.post1","0.4.36","0.4.37","0.4.38","0.4.39","0.4.4","0.4.4.post1","0.4.4.post2","0.4.40","0.4.5","0.4.6","0.4.7","0.4.8","0.4.9","0.5.0","0.5.1","0.5.10","0.5.11","0.5.12","0.5.13","0.5.13.post1","0.5.15","0.5.16","0.5.17","0.5.17.post1","0.5.18","0.5.19","0.5.2","0.5.20","0.5.21","0.5.22","0.5.23","0.5.23.post1","0.5.25","0.5.26","0.5.27","0.5.3","0.5.4","0.5.5","0.5.6","0.5.7","0.5.8","0.5.9","0.6.0","0.6.0a1","0.6.0a2","0.6.0a3","0.6.0a4","0.6.0a5","0.6.0a6","0.6.0a7","0.6.1","0.6.10","0.6.10.post1","0.6.11","0.6.12","0.6.13","0.6.14","0.6.15","0.6.16","0.6.16.post1","0.6.17","0.6.18","0.6.19","0.6.2","0.6.20","0.6.21.post1","0.6.22","0.6.23","0.6.24","0.6.25","0.6.25.post1","0.6.26","0.6.27","0.6.28","0.6.29","0.6.30","0.6.31","0.6.32","0.6.33","0.6.34","0.6.34.post1","0.6.35","0.6.36","0.6.37","0.6.38","0.6.38.post1","0.6.4","0.6.5","0.6.6","0.6.7","0.6.8","0.6.9","0.7.0","0.7.1","0.7.10","0.7.10.post1","0.7.11","0.7.11.post1","0.7.12","0.7.13","0.7.14","0.7.15","0.7.16","0.7.17","0.7.18","0.7.19","0.7.2","0.7.20","0.7.21","0.7.22","0.7.23","0.7.24.post1","0.7.3","0.7.4","0.7.5","0.7.6","0.7.7","0.7.8","0.7.9","0.8.0","0.8.1","0.8.1.post1","0.8.10","0.8.10.post1","0.8.11","0.8.11.post1","0.8.11.post2","0.8.11.post3","0.8.12","0.8.13","0.8.14","0.8.15","0.8.16","0.8.17","0.8.18","0.8.19","0.8.2","0.8.2.post1","0.8.20","0.8.21","0.8.22","0.8.23","0.8.23.post1","0.8.24","0.8.24.post1","0.8.25","0.8.26","0.8.26.post1","0.8.27","0.8.28","0.8.28a1","0.8.29","0.8.29.post1","0.8.3","0.8.30","0.8.31","0.8.32","0.8.33","0.8.34","0.8.35","0.8.36","0.8.37","0.8.38","0.8.39","0.8.39.post2","0.8.4","0.8.40","0.8.41","0.8.42","0.8.43","0.8.43.post1","0.8.44","0.8.45","0.8.45.post1","0.8.46","0.8.47","0.8.48","0.8.49","0.8.5","0.8.5.post1","0.8.5.post2","0.8.50","0.8.51","0.8.51.post1","0.8.52","0.8.53","0.8.53.post3","0.8.54","0.8.55","0.8.56","0.8.57","0.8.58","0.8.59","0.8.6","0.8.61","0.8.62","0.8.63.post1","0.8.63.post2","0.8.64","0.8.64.post1","0.8.65","0.8.66","0.8.67","0.8.68","0.8.69","0.8.69.post1","0.8.69.post2","0.8.7","0.8.8","0.8.9","0.9.0","0.9.0.post1","0.9.0a1","0.9.0a2","0.9.0a3","0.9.1","0.9.10","0.9.10a1","0.9.10a2","0.9.11","0.9.11.post1","0.9.12","0.9.12a1","0.9.12a2","0.9.12a3","0.9.12a4","0.9.12a5","0.9.12a6","0.9.13","0.9.14","0.9.14.post1","0.9.14.post2","0.9.14.post3","0.9.15","0.9.15.post1","0.9.15.post2","0.9.16","0.9.16.dev1","0.9.16.dev2","0.9.16.post1","0.9.17","0.9.17.dev1","0.9.18","0.9.19","0.9.2","0.9.20","0.9.21","0.9.22","0.9.23","0.9.24","0.9.25","0.9.25.post1","0.9.25a1","0.9.25a2","0.9.26","0.9.27","0.9.28","0.9.28.post1","0.9.28.post2","0.9.29","0.9.3","0.9.3.post1","0.9.30","0.9.31","0.9.32","0.9.33","0.9.33a2","0.9.33a3","0.9.34","0.9.4","0.9.5","0.9.6","0.9.6.post1","0.9.6.post2","0.9.7","0.9.8","0.9.8.post1","0.9.9","0.9.33a4","0.9.33a5","0.9.33a6"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/llama-index/PYSEC-2024-12.yaml"}}],"schema_version":"1.7.3"}