GHSA-m84c-4c34-28gf

Source

https://github.com/advisories/GHSA-m84c-4c34-28gf

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-m84c-4c34-28gf/GHSA-m84c-4c34-28gf.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-m84c-4c34-28gf

Aliases

CVE-2025-3108

Published

2025-07-07T00:30:18Z

Modified

2025-07-07T23:44:21.571789Z

Severity

5.0 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVSS Calculator

Summary

LlamaIndex has Incomplete Documentation of Program Execution related to JsonPickleSerializer component

Details

Incomplete Documentation of Program Execution exists in the run-llama/llama_index library's JsonPickleSerializer component, affecting versions v0.12.27 through v0.12.40. This vulnerability allows remote code execution due to an insecure fallback to Python's pickle module. JsonPickleSerializer prioritizes deserialization using pickle.loads(), which can execute arbitrary code when processing untrusted data. Attackers can exploit this by crafting malicious payloads to achieve full system compromise. The root cause involves the use of an insecure fallback strategy without sufficient input validation or protective safeguards. Version 0.12.41 renames JsonPickleSerializer to PickleSerializer and adds a warning to the docs to only use PickleSerializer to deserialize safe things.

Database specific

{
    "github_reviewed": true,
    "github_reviewed_at": "2025-07-07T23:11:36Z",
    "cwe_ids": [
        "CWE-1112"
    ],
    "nvd_published_at": "2025-07-06T23:15:21Z",
    "severity": "MODERATE"
}

References

Affected packages

PyPI / llama-index-core

Package

Name: llama-index-core; View open source insights on deps.dev
Purl: pkg:pypi/llama-index-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.11.15

Fixed

0.12.41

Affected versions

0.*

0.11.15

0.11.16

0.11.17

0.11.18

0.11.19

0.11.20

0.11.21

0.11.22

0.11.23

0.12.0

0.12.1

0.12.2

0.12.3

0.12.4

0.12.5

0.12.6

0.12.7

0.12.8

0.12.9

0.12.10

0.12.10.post1

0.12.11

0.12.12

0.12.13

0.12.14

0.12.15

0.12.16

0.12.16.post1

0.12.17

0.12.18

0.12.19

0.12.20

0.12.21

0.12.22

0.12.23

0.12.23.post1

0.12.23.post2

0.12.24

0.12.24.post1

0.12.25

0.12.26

0.12.27a1

0.12.27a2

0.12.27a3

0.12.27

0.12.28

0.12.29

0.12.30

0.12.31

0.12.32

0.12.33

0.12.33.post1

0.12.34a1

0.12.34a2

0.12.34a3

0.12.34a4

0.12.34a5

0.12.34

0.12.34.post1

0.12.35

0.12.36

0.12.37

0.12.38

0.12.39

0.12.40

Database specific

{
    "last_known_affected_version_range": "<= 0.12.40"
}