CVE-2024-23751
SQL injection vulnerability in llama-index (PyPI)
What is CVE-2024-23751 About?
This vulnerability in LlamaIndex (aka llama_index) through 0.9.34 allows for SQL injection via its Text-to-SQL feature. Attackers can execute arbitrary SQL commands by providing specially crafted English language input, leading to unauthorized data manipulation or extraction. Exploitation is relatively easy if an attacker can provide input to the affected Text-to-SQL components.
Affected Software
- llama-index
- <=0.9.35
- <0.9.35
Technical Details
The SQL injection vulnerability affects several LlamaIndex components, including NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine, when using their Text-to-SQL feature. This feature translates natural language queries into SQL. The vulnerability arises because user-supplied English language input is not adequately sanitized or validated before being converted into SQL queries and executed. An attacker can embed malicious SQL commands within their natural language input, such as 'Drop the Students table', which the Text-to-SQL engine will then interpret and execute as a legitimate SQL operation. This bypasses typical defenses by manipulating the translation layer from natural language to SQL.
What is the Impact of CVE-2024-23751?
Successful exploitation may allow attackers to execute arbitrary SQL commands against the underlying database. This can lead to unauthorized data access, modification, or deletion, potentially compromising the integrity, confidentiality, and availability of sensitive information and the entire database system.
What is the Exploitability of CVE-2024-23751?
Exploitation is relatively simple, requiring low complexity, as it involves crafting specific natural language inputs. The primary prerequisite is that the application uses LlamaIndex's Text-to-SQL feature and exposes an interface where users can provide input to it. Authentication requirements depend on the application's design; if the Text-to-SQL feature is accessible to unauthenticated users, then no authentication is needed. No special system privileges are required for the attacker, only the ability to interact with the vulnerable LlamaIndex component. This can be exploited remotely if the application providing Text-to-SQL functionality is web-accessible. Exploitation likelihood is high if user-controlled input directly feeds into these Text-to-SQL engines without stringent validation or whitelist-based sanitization.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | ||
What are the Available Fixes for CVE-2024-23751?
Available Upgrade Options
- llama-index
- <0.9.35 → Upgrade to 0.9.35
Struggling with dependency upgrades?
See how Resolved Security's drop-in replacements make it simple.
Book a demoAdditional Resources
- https://github.com/run-llama/llama_index
- https://github.com/run-llama/llama_index/issues/9957
- https://github.com/run-llama/llama_index/issues/9957
- https://nvd.nist.gov/vuln/detail/CVE-2024-23751
- https://github.com/pypa/advisory-database/tree/main/vulns/llama-index/PYSEC-2024-12.yaml
- https://github.com/run-llama/llama_index/issues/9957
- https://osv.dev/vulnerability/GHSA-2jxw-4hm4-6w87
What are Similar Vulnerabilities to CVE-2024-23751?
Similar Vulnerabilities: CVE-2023-49033 , CVE-2023-47000 , CVE-2022-38421 , CVE-2021-42045 , CVE-2020-5693
