Executive Summary

CVE-2024-14021 is an unsafe deserialization vulnerability in LlamaIndex versions up to 0.11.6. It occurs in the BGEM3Index.load_from_disk() function, which uses Python's pickle.load() to deserialize a file named multi_embed_store.pkl from a user-supplied directory without validating the file. An attacker who can provide a malicious pickle file in this directory can execute arbitrary code when the victim loads the index from disk. [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to arbitrary code execution on the victim's system if they load a maliciously crafted persist directory containing a harmful pickle file. This means an attacker could potentially take control of the affected system, compromising confidentiality, integrity, and availability of data and resources. [1]

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by identifying if the vulnerable function BGEM3Index.load_from_disk() is used to deserialize the file multi_embed_store.pkl from a user-supplied persist_dir without validation. Since the vulnerability involves unsafe deserialization using Python's pickle.load(), you can check for the presence of multi_embed_store.pkl files in persist directories and monitor or audit the loading of these files in your environment. Specific commands are not provided in the available resources. [1]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include avoiding loading indexes from untrusted or user-supplied persist directories that may contain malicious pickle files. Do not use versions of LlamaIndex up to and including 0.11.6 that contain this unsafe deserialization vulnerability. Instead, update to a version where this issue is fixed or implement validation/sanitization of the pickle files before deserialization to prevent arbitrary code execution. [1]

Useful 0 Not Useful 0