icon

We found results for “

CVE-2024-12910

Good to know:

icon

Date: March 20, 2025

A vulnerability in the "KnowledgeBaseWebReader" class of the run-llama/llama_index repository, version latest, allows an attacker to cause a Denial of Service (DoS) by controlling a URL variable to contain the root URL. This leads to infinite recursive calls to the "get_article_urls" method, exhausting system resources and potentially crashing the application.

Severity Score

Severity Score

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Top Fix

icon

Upgrade Version

Upgrade to version llama-index - 0.12.9;llama-index - 0.12.9;https://github.com/run-llama/llama_index.git - v0.12.9

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us