run-llama Llama_Index FinanceChatLlamaPack SQL Injection Vulnerability Allowing Remote Code Execution

A SQL injection vulnerability has been identified in the FinanceChatLlamaPack of the run-llama/llama_index repository, affecting versions prior to v0.12.3. The vulnerability resides in the 'run_sql_query' function of the 'database_agent', where SQL queries are executed without proper sanitization. This flaw allows attackers to inject arbitrary SQL commands, which can be exploited to execute remote code on the server using PostgreSQL's large object functionality.

Impact

Exploitation of this vulnerability allows for SQL injection, which can be leveraged to execute arbitrary code on the server where the PostgreSQL database is hosted.

Reproduction

The vulnerability can be reproduced by sending a crafted SQL query through the 'database_agent' of the FinanceChatLlamaPack. This can be done by injecting a malicious SQL payload into a normal query, which the 'run_sql_query' function will execute without any safeguards. Once the SQL injection is successful, the injected payload can be used to exploit PostgreSQL's large object feature, creating a large object that contains a malicious file. This file can then be executed on the server, leading to remote code execution.

Remediation

Users are advised to update to version 0.3.0 or later, where this vulnerability has been fixed.