LLama-Index CLI OS Command Injection Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A command injection vulnerability has been identified in the LLama-Index CLI version 0.12.20. The issue arises because the value of the '--files' argument is passed directly to 'os.system', so it is interpreted by the system shell rather than treated as an opaque filename. An attacker who controls this argument can inject and execute arbitrary shell commands. The vulnerability can be exploited locally by manipulating CLI arguments, or remotely if a web application invokes the LLama-Index CLI with a user-controlled filename. Successful exploitation leads to arbitrary code execution on the affected system.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the system where the LLama-Index CLI is run.
Reproduction
To reproduce this vulnerability, use the LLama-Index CLI 'rag' command with the '--files' option. Inject a command by using a filename that includes shell metacharacters, such as '$(echo hello > teeest.txt)'. If the file 'teeest.txt' does not already exist, the command injection will not be executed. Once the file is created, the injected command will be executed, demonstrating the OS command injection vulnerability.
Remediation
Users can update to LLama-Index CLI version 0.12.21 or later, where this vulnerability has been fixed.
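The root cause above is a shell string built from user input; the mitigation is to stop involving a shell at all. The following is an added example, not the project's code: a hypothetical reconstruction of the vulnerable shape beside a hardened version that validates the paths and passes them to `subprocess.run` as an argv list, using the advisory's own payload as a constructed filename to show that it is copied verbatim and never executed.

```python
import subprocess
import tempfile
from pathlib import Path

# Hypothetical reconstruction of the pattern the advisory describes (not the
# project's code): the --files value is interpolated into a shell string, so
# every metacharacter in it is interpreted by /bin/sh when os.system runs it.
def vulnerable_command(files: str, dest: str) -> str:
    return f"cp -r {files} {dest}"      # os.system(...) would execute this

def validate_files(files: list[str], allowed_root: Path) -> list[Path]:
    """Resolve each entry; require an existing regular file under allowed_root."""
    root = Path(allowed_root).resolve()
    checked = []
    for f in files:
        p = Path(f).resolve()
        if not p.is_file():
            raise ValueError(f"not an existing regular file: {f!r}")
        if root not in p.parents:        # blocks traversal outside the root
            raise ValueError(f"outside allowed root: {f!r}")
        checked.append(p)
    return checked

def copy_files_hardened(files: list[str], dest: Path, allowed_root: Path) -> list[str]:
    """Copy validated files via an argv list; shell=False (the default) means
    the names are opaque arguments to cp and are never parsed by a shell."""
    paths = validate_files(files, allowed_root)
    argv = ["cp", "--", *map(str, paths), str(dest)]   # '--' ends option parsing
    subprocess.run(argv, check=True)
    return argv

def demo() -> dict:
    """Constructed inputs: a plain file and one whose name is the advisory's
    payload. Returns what was copied and whether the payload had any effect."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        src, dst = root / "src", root / "dst"
        src.mkdir(); dst.mkdir()
        (src / "notes.txt").write_text("ok")
        tricky = src / "$(echo hello > teeest.txt)"
        tricky.write_text("ok")
        copy_files_hardened([str(src / "notes.txt"), str(tricky)], dst, root)
        return {
            "copied": sorted(p.name for p in dst.iterdir()),
            "payload_ran": (root / "teeest.txt").exists() or Path("teeest.txt").exists(),
        }

if __name__ == "__main__":
    print(vulnerable_command("$(echo hello > teeest.txt)", "/tmp/store"))
    print(demo())
```

When the payload string is supplied as a bare `--files` value with no such file on disk, `validate_files` rejects it before any command is built; when a file by that name does exist, it is copied under its literal name and no `teeest.txt` is created.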
