Vulnerability Description
LlamaIndex (run-llama/llama_index) versions up to and including 0.11.6 contain an unsafe deserialization vulnerability in BGEM3Index.load_from_disk() in llama_index/indices/managed/bge_m3/base.py. The function uses pickle.load() to deserialize multi_embed_store.pkl from a user-supplied persist_dir without validation. An attacker who can provide a crafted persist directory containing a malicious pickle file can trigger arbitrary code execution when the victim loads the index from disk.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Llamaindex | Llamaindex | <= 0.11.6 |
Related Weaknesses (CWE)
References
- https://github.com/run-llama/llama_indexProduct
- https://huntr.com/bounties/ab4ceeb4-aa85-4d1c-aaca-4eda1b71fc12ExploitThird Party Advisory
- https://www.llamaindex.ai/Product
- https://www.vulncheck.com/advisories/llamaindex-bgem3index-unsafe-deserializatioThird Party Advisory
FAQ
What is CVE-2024-14021?
CVE-2024-14021 is a vulnerability with a CVSS score of 7.8 (HIGH). LlamaIndex (run-llama/llama_index) versions up to and including 0.11.6 contain an unsafe deserialization vulnerability in BGEM3Index.load_from_disk() in llama_index/indices/managed/bge_m3/base.py. The...
How severe is CVE-2024-14021?
CVE-2024-14021 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-14021?
Check the references section above for vendor advisories and patch information. Affected products include: Llamaindex Llamaindex.