Run-Llama Llama-Index DuckDB Retriever SQL Injection Vulnerability Allowing Remote Code Execution
Vulnerability
A SQL injection vulnerability has been identified in the DuckDB retriever component of the run-llama/llama_index repository, affecting the latest version at the time of the report. The retriever builds SQL queries by string construction rather than with prepared statements, so attacker-controlled input is interpolated directly into the query text and arbitrary SQL can be injected. The injected SQL could be used to execute malicious commands, potentially leading to remote code execution by installing the shellfs extension.
Impact
Exploitation of this vulnerability allows for SQL injection, with the potential for remote code execution by installing the shellfs extension and executing malicious commands.
Reproduction
The vulnerability can be reproduced with the DuckDB retriever in the latest version of the llama_index repository. After creating a database and a table, a SQL payload supplied through the retrieval query is interpolated unescaped into the generated SQL. Such a payload can be crafted to execute commands that lead to remote code execution.
Remediation
Users are advised to update to version 0.4.0 of the DuckDB retriever, which addresses the vulnerability by using prepared statements in SQL query construction.
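To make the root cause concrete, the following added example (not code from llama_index) shows a string-built filter query beside its parameterized form over a constructed three-row table; it runs on DuckDB when the package is installed and otherwise falls back to the stdlib sqlite3 module, since both accept `?` placeholders. The table schema, the `category` filter and the sample rows are assumptions for the demonstration.

```python
import sqlite3

try:
    import duckdb  # preferred, matches the retriever discussed above
    _HAVE_DUCKDB = True
except ImportError:  # fall back to sqlite3 so the example still runs offline
    _HAVE_DUCKDB = False

# Constructed filter value: a quote breaks out of the string literal and the
# OR clause makes the WHERE condition always true.
INJECTED_FILTER = "internal' OR '1'='1"


def build_sample_db():
    """Create an in-memory database seeded with constructed sample rows."""
    con = duckdb.connect(":memory:") if _HAVE_DUCKDB else sqlite3.connect(":memory:")
    con.execute("CREATE TABLE documents (id INTEGER, text VARCHAR, category VARCHAR)")
    rows = [
        (1, "public onboarding guide", "public"),
        (2, "public pricing sheet", "public"),
        (3, "internal incident report", "internal"),
    ]
    for row in rows:
        con.execute("INSERT INTO documents VALUES (?, ?, ?)", list(row))
    return con


def retrieve_vulnerable(con, category):
    """Query built by string interpolation: the filter value becomes SQL text."""
    sql = f"SELECT id, text FROM documents WHERE category = '{category}' ORDER BY id"
    return con.execute(sql).fetchall()


def retrieve_safe(con, category):
    """Same query with a bound parameter: the value is never parsed as SQL."""
    sql = "SELECT id, text FROM documents WHERE category = ? ORDER BY id"
    return con.execute(sql, [category]).fetchall()


if __name__ == "__main__":
    db = build_sample_db()
    print("vulnerable:", retrieve_vulnerable(db, INJECTED_FILTER))  # all 3 rows leak
    print("safe:      ", retrieve_safe(db, INJECTED_FILTER))        # no row matches
```

The parameterized version returns nothing for the injected filter because the whole string is compared as a literal value, which is the behaviour the 0.4.0 fix restores.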
