CVE-2024-23751
📋 TL;DR
This CVE describes a SQL injection vulnerability in LlamaIndex's Text-to-SQL feature that allows attackers to execute arbitrary SQL commands through natural language input. Systems using affected versions of LlamaIndex with Text-to-SQL query engines are vulnerable. Attackers could manipulate, delete, or exfiltrate database data.
💻 Affected Systems
- LlamaIndex (llama_index)
📦 What is this software?
Llamaindex by Llamaindex
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including data destruction, data exfiltration, privilege escalation, and potential remote code execution depending on database configuration.
Likely Case
Data manipulation or deletion in databases accessible through the vulnerable query engines, potentially affecting application functionality.
If Mitigated
Limited impact with proper input validation, parameterized queries, and database user privilege restrictions in place.
🎯 Exploit Status
Exploitation requires access to the Text-to-SQL interface but no authentication. The vulnerability is demonstrated in the GitHub issue with clear examples.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.9.35 or later
Vendor Advisory: https://github.com/run-llama/llama_index/issues/9957
Restart Required: No
Instructions:
1. Update LlamaIndex to version 0.9.35 or later using pip: pip install --upgrade llama-index 2. Verify the update completed successfully 3. Test Text-to-SQL functionality to ensure it works without vulnerability
🔧 Temporary Workarounds
Disable Text-to-SQL Features
allTemporarily disable or remove Text-to-SQL query engines from your application until patching is possible.
# Remove or comment out usage of vulnerable query engines in your code
Implement Input Validation
allAdd strict input validation to filter SQL keywords and dangerous commands from natural language inputs.
# Implement regex filtering for SQL keywords like DROP, DELETE, INSERT, UPDATE, UNION, etc.
🧯 If You Can't Patch
- Implement network segmentation to isolate systems using vulnerable LlamaIndex versions
- Apply strict database user privilege restrictions to limit potential damage from SQL injection
🔍 How to Verify
Check if Vulnerable:
Check if your code uses any of the affected query engines (NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, PGVectorSQLQueryEngine) with LlamaIndex version 0.9.34 or earlier.Check Version:
python -c "import llama_index; print(llama_index.__version__)"Verify Fix Applied:
After updating, test Text-to-SQL functionality with malicious inputs like 'DROP TABLE users' to ensure they are properly sanitized or rejected.📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries generated from natural language inputs
- Database errors indicating SQL syntax issues
- Unexpected DROP, DELETE, or other destructive SQL operations
Network Indicators:
- Unusual database traffic patterns from application servers
- Large data transfers from databases to unexpected destinations
SIEM Query:
source="application_logs" AND ("DROP" OR "DELETE" OR "INSERT" OR "UPDATE") AND "Text-to-SQL"