CVE-2024-11958 – A critical SQL injection vulnerability in the d... (How to Fix)

Q: What is the severity of CVE-2024-11958?

CVE-2024-11958 has a CVSS score of 9.8 (CRITICAL). A critical SQL injection vulnerability in the duckdb_retriever component of run-llama/llama_index allows attackers to execute arbitrary SQL commands. This can lead to remote code execution by installing malicious extensions and executing system commands. Anyone using the vulnerable component in llama_index is affected.

📋 TL;DR

A critical SQL injection vulnerability in the duckdb_retriever component of run-llama/llama_index allows attackers to execute arbitrary SQL commands. This can lead to remote code execution by installing malicious extensions and executing system commands. Anyone using the vulnerable component in llama_index is affected.

💻 Affected Systems

Products:

run-llama/llama_index

Versions: All versions up to and including the latest version before commit 35bd221e948e40458052d30c6ef2779bc965b6d0

Operating Systems: All platforms running Python

Default Config Vulnerable: ⚠️ Yes

Notes: Requires the duckdb_retriever component to be in use. The vulnerability is in the SQL query construction logic.

📦 What is this software?

Llamaindex by Llamaindex

View all CVEs affecting Llamaindex →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise via remote code execution, data exfiltration, and complete control over the database and underlying server.

🟠

Likely Case

Data theft, data manipulation, privilege escalation, and potential lateral movement within the environment.

🟢

If Mitigated

Limited to SQL injection impacts without RCE if shellfs extension is disabled or proper input validation is implemented.

🌐 Internet-Facing: HIGH - Directly exploitable if the vulnerable component is exposed to untrusted users.

🏢 Internal Only: HIGH - Even internal attackers or compromised accounts can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit details are publicly available in the huntr.com bounty report. The SQL injection can be chained with shellfs extension installation for RCE.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit 35bd221e948e40458052d30c6ef2779bc965b6d0 and later

Vendor Advisory: https://github.com/run-llama/llama_index/commit/35bd221e948e40458052d30c6ef2779bc965b6d0

Restart Required: No

Instructions:

1. Update to the latest version of llama_index. 2. Ensure commit 35bd221e948e40458052d30c6ef2779bc965b6d0 is included. 3. Replace vulnerable duckdb_retriever usage with the patched version.

🔧 Temporary Workarounds

Disable shellfs extension

all

Prevents RCE by disabling the extension that allows command execution

ALTER DATABASE DETACH shellfs;
DROP EXTENSION shellfs;

Input validation wrapper

all

Implement strict input validation for all user inputs passed to duckdb_retriever

🧯 If You Can't Patch

Implement network segmentation to isolate the vulnerable component from critical systems
Deploy a web application firewall (WAF) with SQL injection protection rules

🔍 How to Verify

Check if Vulnerable:

Check if your code uses duckdb_retriever without parameterized queries. Review the specific commit hash in your installation.

Check Version:

git log --oneline | grep -i '35bd221e' or check package version in requirements.txt

Verify Fix Applied:

Verify that commit 35bd221e948e40458052d30c6ef2779bc965b6d0 is present in your codebase and that SQL queries now use parameterized statements.

📡 Detection & Monitoring

Log Indicators:

Unusual SQL queries with shell commands
Installation of shellfs extension
Multiple failed SQL injection attempts

Network Indicators:

Unexpected database connections
Unusual outbound traffic from database server

SIEM Query:

SELECT * FROM logs WHERE message LIKE '%shellfs%' OR message LIKE '%UNION SELECT%' OR message LIKE '%EXEC%'

📊 Metadata

CVE ID: CVE-2024-11958

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

EPSS Score: 1.17% exploit probability (78.3th percentile)

Published: March 20, 2025

Last Updated: July 29, 2025

🔗 References

https://github.com/run-llama/llama_index/commit/35bd221e948e40458052d30c6ef2779bc965b6d0 Patch
https://huntr.com/bounties/8ddf66e1-f74c-4d53-992b-76bc45cacac1 Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-11958, you might also want to check these: