CVE-2024-23751 | LlamaIndex up to 0.9.34 Text-to-SQL sql injection (Issue 9957)

CVE-2024-23751 | LlamaIndex up to 0.9.34 Text-to-SQL sql injection (Issue 9957)

A vulnerability classified as critical has been found in LlamaIndex up to 0.9.34. This affects the function NLSQLTableQueryEngine/SQLTableRetrieverQueryEngine/NLSQLRetriever/RetrieverQueryEngine/PGVectorSQLQueryEngine of the component Text-to-SQL. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2024-23751. It is possible to initiate the attack remotely. There is no exploit available.