What is the severity of CVE-2024-12910?

The severity of CVE-2024-12910 is classified as high due to its potential to cause a Denial of Service.

How do I fix CVE-2024-12910?

To fix CVE-2024-12910, update the `llama-index` package to version 0.12.9 or higher.

What types of systems are impacted by CVE-2024-12910?

CVE-2024-12910 affects applications utilizing the `KnowledgeBaseWebReader` class within the run-llama/llama_index repository.

What can an attacker do with CVE-2024-12910?

An attacker can exploit CVE-2024-12910 to cause Denial of Service by creating infinite recursive calls.

Is CVE-2024-12910 a zero-day vulnerability?

CVE-2024-12910 is not classified as a zero-day vulnerability as it has been publicly disclosed.

Vulnerability/
CVE-2024-12910

medium

5.9

CWE

400

20/3/2025

2/4/2025

CVE-2024-12910: Denial of Service in run-llama/llama_index

First published: Thu Mar 20 2025(Updated: )

A vulnerability in the `KnowledgeBaseWebReader` class of the run-llama/llama_index repository, version latest, allows an attacker to cause a Denial of Service (DoS) by controlling a URL variable to contain the root URL. This leads to infinite recursive calls to the `get_article_urls` method, exhausting system resources and potentially crashing the application.

Credit: security@huntr.dev

Affected Software	Affected Version	How to fix
LlamaIndex
pip/llama-index	<0.12.9	0.12.9
Llamaindex	<0.12.9
	<0.12.9

Remedy

https://github.com/run-llama/llama_index/commit/159ce485a1168100bb219dc1b93133f1121579d9

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-12910?
The severity of CVE-2024-12910 is classified as high due to its potential to cause a Denial of Service.
How do I fix CVE-2024-12910?
To fix CVE-2024-12910, update the `llama-index` package to version 0.12.9 or higher.
What types of systems are impacted by CVE-2024-12910?
CVE-2024-12910 affects applications utilizing the `KnowledgeBaseWebReader` class within the run-llama/llama_index repository.
What can an attacker do with CVE-2024-12910?
An attacker can exploit CVE-2024-12910 to cause Denial of Service by creating infinite recursive calls.
Is CVE-2024-12910 a zero-day vulnerability?
CVE-2024-12910 is not classified as a zero-day vulnerability as it has been publicly disclosed.

agent/title
agent/weakness
agent/type
agent/first-publish-date
agent/description
agent/author
collector/nvd-cve
source/NVD
agent/references
agent/source
collector/mitre-cve
source/MITRE
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/github-advisory
source/GitHub
alias/GHSA-jvpf-xf32-2w4q
alias/CVE-2024-12910
agent/remedy
agent/event
collector/nvd-api
agent/softwarecombine
agent/tags
agent/last-modified-date
agent/severity
collector/github-advisory-latest
vendor/run-llama
canonical/llamaindex
package-manager/pip
vendor/llamaindex

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.