{"id":"PYSEC-2023-148","details":"An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the `exec` parameter in PandasQueryEngine function.","aliases":["CVE-2023-39662","GHSA-2xxc-73fv-36f7"],"modified":"2023-11-08T04:13:15.374204Z","published":"2023-08-15T17:15:00Z","references":[{"type":"REPORT","url":"https://github.com/jerryjliu/llama_index/issues/7054"}],"affected":[{"package":{"name":"llama-index","ecosystem":"PyPI","purl":"pkg:pypi/llama-index"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.7.14"}]}],"versions":["0.4.10","0.4.11","0.4.12","0.4.13","0.4.14","0.4.15","0.4.16","0.4.17","0.4.18","0.4.19","0.4.20","0.4.21","0.4.22","0.4.22.post1","0.4.23","0.4.24","0.4.25","0.4.26","0.4.27","0.4.28","0.4.29","0.4.30","0.4.31","0.4.32","0.4.33","0.4.34","0.4.35","0.4.35.post1","0.4.36","0.4.37","0.4.38","0.4.39","0.4.4","0.4.4.post1","0.4.4.post2","0.4.40","0.4.5","0.4.6","0.4.7","0.4.8","0.4.9","0.5.0","0.5.1","0.5.10","0.5.11","0.5.12","0.5.13","0.5.13.post1","0.5.15","0.5.16","0.5.17","0.5.17.post1","0.5.18","0.5.19","0.5.2","0.5.20","0.5.21","0.5.22","0.5.23","0.5.23.post1","0.5.25","0.5.26","0.5.27","0.5.3","0.5.4","0.5.5","0.5.6","0.5.7","0.5.8","0.5.9","0.6.0","0.6.0a1","0.6.0a2","0.6.0a3","0.6.0a4","0.6.0a5","0.6.0a6","0.6.0a7","0.6.1","0.6.10","0.6.10.post1","0.6.11","0.6.12","0.6.13","0.6.14","0.6.15","0.6.16","0.6.16.post1","0.6.17","0.6.18","0.6.19","0.6.2","0.6.20","0.6.21.post1","0.6.22","0.6.23","0.6.24","0.6.25","0.6.25.post1","0.6.26","0.6.27","0.6.28","0.6.29","0.6.30","0.6.31","0.6.32","0.6.33","0.6.34","0.6.34.post1","0.6.35","0.6.36","0.6.37","0.6.38","0.6.38.post1","0.6.4","0.6.5","0.6.6","0.6.7","0.6.8","0.6.9","0.7.0","0.7.1","0.7.10","0.7.10.post1","0.7.11","0.7.11.post1","0.7.12","0.7.13","0.7.2","0.7.3","0.7.4","0.7.5","0.7.6","0.7.7","0.7.8","0.7.9"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/llama-index/PYSEC-2023-148.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}