{"data":{"id":"56b68565-ec51-4e1d-8297-485a27f31d3b","title":"CVE-2024-3098: A vulnerability was identified in the `exec_utils` class of the `llama_index` package, specifically within the `safe_eva","summary":"A vulnerability was found in the `safe_eval` function of the `llama_index` package that allows prompt injection (tricking an AI by hiding instructions in its input) to execute arbitrary code (running code an attacker chooses). The flaw exists because the input validation is insufficient, meaning the package doesn't properly check what data is being passed in, allowing attackers to bypass safety restrictions that were meant to prevent this type of attack.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-3098","publishedAt":"2024-04-10T17:15:56.213Z","cveId":"CVE-2024-3098","cweIds":["CWE-94"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LlamaIndex"],"affectedVendorsRaw":["LlamaIndex"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00188,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-242"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}