What is the CVSS score of CVE-2024-12910?

CVE-2024-12910 has a CVSS 3.1 base score of 5.9 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.3%.

Which versions of Llamaindex are affected by CVE-2024-12910?

CVE-2024-12910 presents moderate security risk rated CVSS 5.9. Exploitation could compromise the security of affected deployments. Proof-of-concept code is publicly available.. A patch is available.

Is there a public PoC exploit available for CVE-2024-12910?

Yes, a public proof-of-concept exploit is available for CVE-2024-12910. Prioritise patching immediately. EPSS: 0.3%.

How to fix or mitigate CVE-2024-12910?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Llamaindex CVE-2024-12910

MEDIUM

Uncontrolled Recursion (CWE-674)

2025-03-20 security@huntr.dev

Denial Of Service Llamaindex Red Hat

5.9

CVSS 3.1

Severity by source

NVD primary

5.9 MEDIUM

Red Hat

4.2 MEDIUM

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:32 vuln.today

Patch released

Mar 28, 2026 - 18:32 nvd

Patch available

PoC Detected

Oct 15, 2025 - 13:15 vuln.today

Public exploit code

CVE Published

Mar 20, 2025 - 10:15 nvd

MEDIUM 5.9

DescriptionNVD

A vulnerability in the KnowledgeBaseWebReader class of the run-llama/llama_index repository, version latest, allows an attacker to cause a Denial of Service (DoS) by controlling a URL variable to contain the root URL. This leads to infinite recursive calls to the get_article_urls method, exhausting system resources and potentially crashing the application.

AnalysisAI

A vulnerability in the KnowledgeBaseWebReader class of the run-llama/llama_index repository, version latest, allows an attacker to cause a Denial of Service (DoS) by controlling a URL variable to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-674. A vulnerability in the KnowledgeBaseWebReader class of the run-llama/llama_index repository, version latest, allows an attacker to cause a Denial of Service (DoS) by controlling a URL variable to contain the root URL. This leads to infinite recursive calls to the get_article_urls method, exhausting system resources and potentially crashing the application. Affected products include: Llamaindex.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Vendor StatusVendor

CVE-2024-12910 vulnerability details – vuln.today

Back

Llamaindex CVE-2024-12910

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Vendor StatusVendor

Share

External POC / Exploit Code