EUVD-2025-20210
GHSA-3j8r-jf9w-5cmh
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
5Description
A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, specifically in version 0.12.27, allows for hardlink-based path traversal. This flaw permits attackers to bypass path restrictions and access sensitive system files, such as /etc/passwd, by exploiting hardlinks. The vulnerability arises from inadequate handling of hardlinks in the load_data() method, where the security checks fail to differentiate between real files and hardlinks. This issue is resolved in version 0.5.2.
Analysis
A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, specifically in version 0.12.27, allows for hardlink-based path traversal. This flaw permits attackers to bypass path restrictions and access sensitive system files, such as /etc/passwd, by exploiting hardlinks. The vulnerability arises from inadequate handling of hardlinks in the load_data() method, where the security checks fail to differentiate between real files and hardlinks. This issue is resolved in version 0.5.2.
Technical Context
Path traversal allows an attacker to access files outside the intended directory by manipulating file paths with sequences like '../'.
Affected Products
Affected products: Llamaindex Llamaindex
Remediation
A vendor patch is available — apply it immediately. Validate and sanitize file path inputs. Use a whitelist of allowed files or directories. Implement chroot jails or containerization.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today