Llama_Index Library World-Writable NLTK Data Directory Vulnerability Allowing Local Data Tampering and Denial-of-Service
Vulnerability
A vulnerability exists in the llama_index library version 0.12.33, where the default NLTK data directory is set to a world-writable subdirectory of the codebase. This misconfiguration allows local users to overwrite, delete, or corrupt NLTK data files, potentially leading to denial-of-service, data tampering, or privilege escalation. The issue arises from using a shared cache directory instead of a user-specific one, making it vulnerable to local data manipulation and service disruption.
Impact
Exploitation of this vulnerability could result in unauthorized modification or deletion of NLTK data files, causing disruptions in applications that rely on this data. Such actions could lead to data corruption, application crashes, or, in certain scenarios, unauthorized escalation of privileges if a vulnerable data loader is involved.
Reproduction
The vulnerability can be reproduced by installing the llama_index library version 0.12.33 in a multi-user environment where the NLTK data directory is set to a shared, world-writable location. Once the library is installed, any local user can overwrite or delete NLTK data files, such as stopwords or tokenizers, which can disrupt the functionality of applications using the library.
Remediation
Users can update to llama_index version 0.13.0 or later, where this vulnerability has been fixed.
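One way to check an existing deployment for the condition described above, as an added example (not llama_index or NLTK code): it walks an NLTK data directory on a POSIX host and reports world-writable entries, symlinks, and entries owned by another user. The function names and the constructed sample tree are assumptions of this example; directories to audit are read from the NLTK_DATA environment variable.

```python
import os
import shutil
import stat
import tempfile

def audit_data_dir(root, expected_uid=None):
    """Return sorted (relative_path, reason) findings for an NLTK data directory."""
    expected_uid = os.getuid() if expected_uid is None else expected_uid
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    findings = []
    for path in paths:
        st = os.lstat(path)  # lstat: inspect the link itself, never its target
        rel = os.path.relpath(path, root)
        if stat.S_ISLNK(st.st_mode):
            findings.append((rel, "symlink"))
            continue
        if st.st_mode & stat.S_IWOTH:
            # On a directory this lets any local user add, replace or delete entries.
            findings.append((rel, "world-writable"))
        if st.st_uid != expected_uid:
            findings.append((rel, "unexpected-owner"))
    return sorted(findings)

def demo():
    """Constructed sample: a shared cache (0o777) beside a user-private one (0o700)."""
    base = tempfile.mkdtemp()
    results = {}
    try:
        for name, dmode, fmode in (("shared", 0o777, 0o666), ("private", 0o700, 0o600)):
            top = os.path.join(base, name)
            corpora = os.path.join(top, "corpora")
            os.makedirs(corpora)
            sample = os.path.join(corpora, "stopwords.txt")
            with open(sample, "w") as fh:
                fh.write("the\n")
            os.chmod(sample, fmode)
            for d in (corpora, top):
                os.chmod(d, dmode)  # explicit chmod so the umask does not mask the bits
            results[name] = audit_data_dir(top)
    finally:
        shutil.rmtree(base)
    return results

if __name__ == "__main__":
    targets = [p for p in os.environ.get("NLTK_DATA", "").split(os.pathsep) if p]
    for target in targets:
        for rel, reason in audit_data_dir(target):
            print(f"{target}: {rel}: {reason}")
    if not targets:
        print(demo())
```

Pass `expected_uid` when the data directory is meant to be owned by a service account other than the user running the audit.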
