run-llama llama_index Library JsonPickleSerializer Component Remote Code Execution Vulnerability

Vulnerability

A critical deserialization vulnerability has been identified in the run-llama llama_index library, specifically within the JsonPickleSerializer component, in versions from v0.12.27 up to but not including v0.12.40. The vulnerability arises from an insecure reliance on Python's pickle module: the JsonPickleSerializer component attempts pickle.loads() first, before any safer fallback, and pickle.loads() executes arbitrary code when handed untrusted data (a crafted object's __reduce__ hook can make the unpickler call any importable callable with attacker-chosen arguments). An attacker who can supply serialized data to this component can therefore craft a payload that runs arbitrary Python during deserialization, potentially leading to full system compromise.

Impact

Exploitation of this vulnerability allows remote code execution on the affected system, with the privileges of the process that performs the deserialization.

Reproduction

The vulnerability can be reproduced by passing attacker-controlled data to the JsonPickleSerializer component for deserialization. Because the component hands the input to pickle.loads() before any JSON fallback is reached, a payload produced by pickle.dumps() from an object whose __reduce__ method returns a callable (for example os.system and a command string) is executed as soon as it is unpickled. Testing this requires only crafting such a payload and observing that the callable runs on the deserializing host.
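The following is an added illustration of the pattern described in the Vulnerability and Reproduction sections above; it is not llama_index's own code and does not reproduce its API. It models a "pickle first, JSON as fallback" deserializer, builds a crafted payload whose __reduce__ hook calls a harmless recording function (a stand-in for os.system), shows that the payload executes before the JSON path is reached, and places a JSON-only deserializer beside it that rejects the same input. The function names, the base64 framing of the pickle, and the sample inputs are assumptions made for the demonstration.

```python
import base64
import json
import pickle
from typing import Any

# Records what ran during unpickling; a benign stand-in for os.system.
EXECUTED: list[str] = []


def _mark_executed(tag: str) -> str:
    """Side effect proving attacker-chosen code ran during deserialization."""
    EXECUTED.append(tag)
    return tag


class MaliciousPayload:
    """Object whose __reduce__ tells the unpickler to call _mark_executed.

    A real attacker would return (os.system, ("<command>",)) here; the benign
    callable keeps the demonstration harmless while proving the control flow.
    """

    def __init__(self, tag: str) -> None:
        self.tag = tag

    def __reduce__(self):
        return (_mark_executed, (self.tag,))


def craft_payload(tag: str = "pwned") -> str:
    """What an attacker hands to the serializer: base64 of a pickle stream.

    The base64 framing is an assumption of this model, not a statement about
    how llama_index encodes its data.
    """
    return base64.b64encode(pickle.dumps(MaliciousPayload(tag))).decode()


def vulnerable_deserialize(value: str) -> Any:
    """Model of the insecure pattern: try pickle first, fall back to JSON.

    pickle.loads runs before any validation, so a crafted payload executes
    arbitrary callables and json.loads is never reached for it.
    """
    try:
        return pickle.loads(base64.b64decode(value))
    except Exception:
        return json.loads(value)


def looks_like_pickle(value: str) -> bool:
    """Cheap triage check: does the value decode to a pickle stream?

    Pickle protocol 2 and later streams begin with the PROTO opcode 0x80
    (every protocol Python 3 produces by default). Protocol 0/1 streams are
    plain ASCII and would be missed, so treat this as a detection aid, not as
    a substitute for refusing pickle entirely.
    """
    try:
        raw = base64.b64decode(value, validate=True)
    except Exception:
        return False
    return raw[:1] == b"\x80"


def safe_deserialize(value: str) -> Any:
    """Hardened replacement: JSON only, never pickle.

    json.loads cannot instantiate classes or call functions, so the worst a
    crafted payload can do is raise ValueError. Pickle-looking input is
    rejected explicitly so the attempt is visible in logs rather than silently
    failing to parse.
    """
    if looks_like_pickle(value):
        raise ValueError("refusing to deserialize pickle-formatted input")
    return json.loads(value)  # JSONDecodeError is a ValueError subclass


def is_rejected(value: str) -> bool:
    """True if the hardened deserializer refuses the input without side effects."""
    try:
        safe_deserialize(value)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    payload = craft_payload("rce-demo")
    print("vulnerable path returned:", vulnerable_deserialize(payload))
    print("callable executed during unpickling:", EXECUTED)
    print("hardened path rejects payload:", is_rejected(payload))
    print("hardened path still parses JSON:", safe_deserialize('{"a": 1}'))
```

The important observation is the ordering: in vulnerable_deserialize the side effect fires inside pickle.loads, so no later check on the returned object can undo it. The hardened version removes pickle from the code path altogether; the 0x80 check is only there to make rejected attempts distinguishable from ordinary malformed JSON.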

Remediation

Users are advised to update to version v0.12.40 or later, where this vulnerability has been addressed. Until the upgrade is applied, do not pass data from untrusted sources to JsonPickleSerializer; use a serializer that never invokes pickle on external input.

Added: Jul 6, 2025, 11:20 PM
Updated: Jul 6, 2025, 11:20 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 7.4
remediation: 0.0
relevance: 0.2
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.