run-llama llama_index Path Traversal Vulnerability in encode_image Function

Vulnerability

A path traversal vulnerability affects run-llama/llama_index versions 0.12.27 through 0.12.40. The encode_image function in generic_utils.py opens the caller-supplied image_path without validating or normalising it, so a value containing traversal sequences such as ../ resolves to a location outside the intended image directory. Any file readable by the server process, including sensitive system files, can therefore be read and its contents returned to the caller.

Impact

Exploitation discloses the contents of arbitrary files on the server, limited only by the read permissions of the process running llama_index; this can include sensitive system and configuration files.

Reproduction

The vulnerability can be reproduced by constructing an ImageDocument whose image_path contains path traversal sequences (a chain of ../ segments followed by the target file) in place of the expected image location, then passing it through code that calls encode_image. The function reads the file the traversal payload points to rather than an image inside the intended directory.
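To make the pattern concrete, the following is an added example written for this page, not code from llama_index and not the project's actual 0.12.41 fix. It places an unchecked encoder, which reads whatever path it is given, beside a root-confined variant that resolves the path (collapsing ../ and following symlinks) and refuses anything that does not land under an allowed directory. The function names, the IMAGE_ROOT-style fixture layout, the sample file contents and the "secret" file are all constructed for the demonstration.

```python
"""Added example: unchecked vs. root-confined image encoding.

Illustrative code written for this advisory page. It is not llama_index's
encode_image and not the project's fix; every name below is an assumption.
"""
import base64
import os
import tempfile
from pathlib import Path


def encode_image_unchecked(image_path: str) -> str:
    """The pattern the advisory describes: the caller-supplied path is opened as-is.

    Any file the process can read, e.g. '../../etc/passwd', is returned
    base64-encoded to whoever consumes the encoded document.
    """
    with open(image_path, "rb") as f:
        return base64.b64encode(f.read()).decode("utf-8")


def encode_image_confined(image_path: str, allowed_root: str) -> str:
    """Hardened variant: only regular files that resolve inside allowed_root are read.

    Path.resolve(strict=True) follows symlinks and collapses '..' before the
    containment check, so a symlink inside the root that points outside is
    rejected as well. A relative image_path is interpreted relative to the
    allowed root, never relative to the process working directory.
    """
    root = Path(allowed_root).resolve(strict=True)
    candidate = Path(image_path)
    if not candidate.is_absolute():
        candidate = root / candidate
    resolved = candidate.resolve(strict=True)
    # The root itself is not in resolved.parents, so the root directory is rejected too.
    if root not in resolved.parents:
        raise PermissionError(f"image path escapes allowed root: {image_path!r}")
    if not resolved.is_file():
        raise PermissionError(f"image path is not a regular file: {image_path!r}")
    with open(resolved, "rb") as f:
        return base64.b64encode(f.read()).decode("utf-8")


def build_fixture() -> dict:
    """Constructed sample layout (not from the page):

        <tmp>/images/cat.png   -- the only file the encoder should ever read
        <tmp>/secret.txt       -- one level above the image root
    """
    base = Path(tempfile.mkdtemp(prefix="traversal_demo_"))
    images = base / "images"
    images.mkdir()
    (images / "cat.png").write_bytes(b"\x89PNG\r\n\x1a\nfake-image-bytes")
    (base / "secret.txt").write_bytes(b"db_password=hunter2\n")
    return {
        "root": str(images),
        "image": "cat.png",
        "traversal": "../secret.txt",
        "absolute_secret": str(base / "secret.txt"),
    }


def demo() -> dict:
    """Run both encoders against the fixture and report what each one did."""
    fx = build_fixture()
    results = {}

    # Unchecked encoder: the traversal payload walks out of images/ and leaks the secret.
    leaked = base64.b64decode(
        encode_image_unchecked(os.path.join(fx["root"], fx["traversal"]))
    )
    results["unchecked_leaks_secret"] = leaked == b"db_password=hunter2\n"

    # Confined encoder: the legitimate image is still encoded normally.
    image_bytes = base64.b64decode(encode_image_confined(fx["image"], fx["root"]))
    results["confined_encodes_image"] = image_bytes.startswith(b"\x89PNG")

    # Confined encoder: the same traversal payload is refused.
    try:
        encode_image_confined(fx["traversal"], fx["root"])
        results["confined_blocks_traversal"] = False
    except PermissionError:
        results["confined_blocks_traversal"] = True

    # Confined encoder: an absolute path outside the root is refused as well.
    try:
        encode_image_confined(fx["absolute_secret"], fx["root"])
        results["confined_blocks_absolute"] = False
    except PermissionError:
        results["confined_blocks_absolute"] = True

    return results


if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check}: {passed}")
```

The containment check is done on the resolved path rather than on the string, which is what defeats both ../ sequences and symlinks; a check that merely rejects the substring ".." would still let an absolute path or a symlink through.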

Remediation

Upgrade to run-llama/llama_index version 0.12.41 or later, where this vulnerability has been fixed.

Added: Jul 7, 2025, 1:21 PM
Updated: Jul 7, 2025, 2:30 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          2.5
exploitability  8.4
remediation     7.7
relevance       0.2
threat          4.8
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.