CVE-2024-58339: LlamaIndex (run-llama/llama_index) versions up to and including 0.12.2 contain an uncontrolled resource consumption vuln
Summary
LlamaIndex versions up to and including 0.12.2 contain a vulnerability in the VannaPack VannaQueryEngine: it takes user prompts, converts them into SQL statements, and executes those statements against the database with no limit on the processing time or resources they may consume. An attacker can exploit this by submitting prompts that produce computationally expensive SQL operations, exhausting the CPU or memory of the host and rendering the service unavailable (a denial-of-service condition).
Vulnerability Details
Severity score: 7.5 (High)
EPSS: 0.1%
Classification
Affected Vendors
Related Issues
CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem
CVE-2021-29541: TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a dereference of a null p
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-58339
First tracked: February 15, 2026 at 08:35 PM
Classified by LLM (prompt v3) · confidence: 95%