CVE-2024-4181 - Vulnerability Details - OpenCVE

A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper use of the eval function, allowing a malicious or compromised LLM hosting provider to execute arbitrary commands on the client's machine. This issue was fixed in version 0.10.13. The exploitation of this vulnerability could lead to a hosting provider gaining full control over client machines.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Llamaindex	Llamaindex

Configuration 1 [-]

cpe:2.3:a:llamaindex:llamaindex:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/run-llama/llama_index/commit/d73715eaf0642705583e7897c78b9c8dd2d3a7ba
https://huntr.com/bounties/1a204520-598a-434e-b13d-0d34f2a5ddc1

History

Tue, 21 Oct 2025 11:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Llamaindex Llamaindex llamaindex
CPEs		cpe:2.3:a:llamaindex:llamaindex::::::::
Vendors & Products		Llamaindex Llamaindex llamaindex

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-05-16T09:03:47.278Z

Updated: 2024-08-01T20:33:52.659Z

Reserved: 2024-04-25T13:52:02.986Z

Link: CVE-2024-4181

Vulnrichment

Updated: 2024-08-01T20:33:52.659Z

NVD

Status : Analyzed

Published: 2024-05-16T09:15:15.553

Modified: 2025-10-21T11:36:16.007

Link: CVE-2024-4181

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4181", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-04-25T13:52:02.986Z", "datePublished": "2024-05-16T09:03:47.278Z", "dateUpdated": "2024-08-01T20:33:52.659Z"}, "containers": {"cna": {"title": "Command Injection in run-llama/llama_index", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-05-16T09:03:47.278Z"}, "descriptions": [{"lang": "en", "value": "A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper use of the eval function, allowing a malicious or compromised LLM hosting provider to execute arbitrary commands on the client's machine. This issue was fixed in version 0.10.13. The exploitation of this vulnerability could lead to a hosting provider gaining full control over client machines."}], "affected": [{"vendor": "run-llama", "product": "run-llama/llama_index", "versions": [{"version": "unspecified", "lessThan": "0.10.13", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/1a204520-598a-434e-b13d-0d34f2a5ddc1"}, {"url": "https://github.com/run-llama/llama_index/commit/d73715eaf0642705583e7897c78b9c8dd2d3a7ba"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code", "cweId": "CWE-94"}]}], "source": {"advisory": "1a204520-598a-434e-b13d-0d34f2a5ddc1", "discovery": "EXTERNAL"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4181", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-16T16:10:22.479833Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:run-llama:llama_index:*:*:*:*:*:*:*:*"], "vendor": "run-llama", "product": "llama_index", "versions": [{"status": "affected", "version": "0.9.47"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:55:23.180Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:33:52.659Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/1a204520-598a-434e-b13d-0d34f2a5ddc1", "tags": ["x_transferred"]}, {"url": "https://github.com/run-llama/llama_index/commit/d73715eaf0642705583e7897c78b9c8dd2d3a7ba", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/1a204520-598a-434e-b13d-0d34f2a5ddc1", "tags": ["x_transferred"]}, {"url": "https://github.com/run-llama/llama_index/commit/d73715eaf0642705583e7897c78b9c8dd2d3a7ba", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:33:52.659Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4181", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-16T16:10:22.479833Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:run-llama:llama_index:*:*:*:*:*:*:*:*"], "vendor": "run-llama", "product": "llama_index", "versions": [{"status": "affected", "version": "0.9.47"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-16T17:38:08.773Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Command Injection in run-llama/llama_index", "source": {"advisory": "1a204520-598a-434e-b13d-0d34f2a5ddc1", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "run-llama", "product": "run-llama/llama_index", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "0.10.13", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/1a204520-598a-434e-b13d-0d34f2a5ddc1"}, {"url": "https://github.com/run-llama/llama_index/commit/d73715eaf0642705583e7897c78b9c8dd2d3a7ba"}], "descriptions": [{"lang": "en", "value": "A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper use of the eval function, allowing a malicious or compromised LLM hosting provider to execute arbitrary commands on the client's machine. This issue was fixed in version 0.10.13. The exploitation of this vulnerability could lead to a hosting provider gaining full control over client machines."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-05-16T09:03:47.278Z"}}}, "cveMetadata": {"cveId": "CVE-2024-4181", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:33:52.659Z", "dateReserved": "2024-04-25T13:52:02.986Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-05-16T09:03:47.278Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:llamaindex:llamaindex:*:*:*:*:*:*:*:*", "matchCriteriaId": "34FD9B1D-9DCA-4F40-A413-28B7CC8376E8", "versionEndExcluding": "0.10.13", "versionStartIncluding": "0.9.47", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A command injection vulnerability exists in the RunGptLLM class of the llama_index library, version 0.9.47, used by the RunGpt framework from JinaAI to connect to Language Learning Models (LLMs). The vulnerability arises from the improper use of the eval function, allowing a malicious or compromised LLM hosting provider to execute arbitrary commands on the client's machine. This issue was fixed in version 0.10.13. The exploitation of this vulnerability could lead to a hosting provider gaining full control over client machines."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en la clase RunGptLLM de la librer\u00eda llama_index, versi\u00f3n 0.9.47, utilizada por el marco RunGpt de JinaAI para conectarse a los modelos de aprendizaje de idiomas (LLM). La vulnerabilidad surge del uso inadecuado de la funci\u00f3n de evaluaci\u00f3n, lo que permite que un proveedor de alojamiento LLM malicioso o comprometido ejecute comandos arbitrarios en la m\u00e1quina del cliente. Este problema se solucion\u00f3 en la versi\u00f3n 0.10.13. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda llevar a que un proveedor de alojamiento obtenga control total sobre las m\u00e1quinas cliente."}], "id": "CVE-2024-4181", "lastModified": "2025-10-21T11:36:16.007", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2024-05-16T09:15:15.553", "references": [{"source": "security@huntr.dev", "tags": ["Patch"], "url": "https://github.com/run-llama/llama_index/commit/d73715eaf0642705583e7897c78b9c8dd2d3a7ba"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/1a204520-598a-434e-b13d-0d34f2a5ddc1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/run-llama/llama_index/commit/d73715eaf0642705583e7897c78b9c8dd2d3a7ba"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/1a204520-598a-434e-b13d-0d34f2a5ddc1"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security@huntr.dev", "type": "Secondary"}]}