CVE-2024-3271

Critical · Public PoC · RCE

Published: 16 April 2024

Modified: 30 July 2025
CVSS v3 score: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0124 (79.6th percentile)
Risk Priority: 20 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-3271 is a critical-severity Command Injection (CWE-77) vulnerability in LlamaIndex (run-llama/llama_index). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 20.4% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

This vulnerability is AI-related: it is categorised as Enterprise AI Assistants within the LLM/Generative AI Risks domain, and the MITRE ATLAS techniques in scope are Direct (AML.T0051.000), Infer Training Data Membership (AML.T0024.000) and Financial Harm (AML.T0048.000).

Vulnerability details

A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by the LLM, to execute arbitrary code. This is achieved by crafting input that does not contain an underscore but still results in the execution of OS commands. The vulnerability allows for remote code execution (RCE) on the server hosting the application.
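As an added defensive illustration (not code from the llama_index project), the following contrasts a string blocklist of the kind the description above refers to with an allowlist built on Python's ast module: the expression is parsed, every node and every called name is checked against an explicit allowlist, and evaluation runs with an empty builtins table. The names underscore_blocklist_ok, allowlist_eval and is_allowed are hypothetical.

```python
import ast
import builtins

# Hypothetical reconstruction of a blocklist-style guard as the description
# above characterises it: reject any generated code containing an underscore.
# Not the project's own code.
def underscore_blocklist_ok(code: str) -> bool:
    return "_" not in code

# Allowlist alternative: only these node types may appear in the parsed tree, so
# attribute access, subscripts, lambdas and imports are refused however spelled.
ALLOWED_NODES = (
    ast.Expression, ast.BinOp, ast.UnaryOp, ast.Constant, ast.Name, ast.Load,
    ast.Add, ast.Sub, ast.Mult, ast.Div, ast.Mod, ast.Pow, ast.USub, ast.UAdd,
    ast.Compare, ast.Eq, ast.NotEq, ast.Lt, ast.LtE, ast.Gt, ast.GtE,
    ast.BoolOp, ast.And, ast.Or, ast.List, ast.Tuple, ast.Call,
)
# Only these builtins may be called; everything else is unreachable because
# eval() runs with an empty __builtins__ table.
ALLOWED_CALLS = {"abs", "min", "max", "sum", "round", "len"}

def allowlist_eval(code: str, variables=None):
    """Evaluate one expression under the allowlist; ValueError on anything else."""
    variables = dict(variables or {})
    try:
        tree = ast.parse(code, mode="eval")   # statements are a SyntaxError here
    except SyntaxError as exc:
        raise ValueError(f"not a single expression: {exc.msg}") from None
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            raise ValueError(f"disallowed syntax: {type(node).__name__}")
        if isinstance(node, ast.Call) and not (
            isinstance(node.func, ast.Name) and node.func.id in ALLOWED_CALLS
        ):
            raise ValueError("only allowlisted builtins may be called")
        if isinstance(node, ast.Name) and node.id not in variables \
                and node.id not in ALLOWED_CALLS:
            raise ValueError(f"unknown name: {node.id}")
    env = {name: getattr(builtins, name) for name in ALLOWED_CALLS}
    env.update(variables)
    return eval(compile(tree, "<llm-expr>", "eval"), {"__builtins__": {}}, env)

def is_allowed(code: str, variables=None) -> bool:
    """True if the allowlist accepts and evaluates the expression."""
    try:
        allowlist_eval(code, variables)
        return True
    except ValueError:
        return False
```

Note that a benign attribute call such as `'abc'.upper()` passes the underscore blocklist but is refused by the allowlist, which is the property a defender wants: acceptance depends on the parsed structure, not on which characters happen to appear.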

CWE(s): CWE-77 (Command Injection)

AI Security Analysis

AI Category: Enterprise AI Assistants
Risk Domain: LLM/Generative AI Risks
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: The vulnerability is in the run-llama/llama_index repository, a framework for building LLM-powered applications, RAG pipelines, and AI agents/assistants, fitting the Enterprise AI Assistants category.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059 Command and Scripting Interpreter (Execution): Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
Why these techniques?

The command injection vulnerability enables remote code execution through exploitation of a public-facing application (T1190), and the resulting arbitrary OS command execution relies on command interpreters (T1059).

MITRE ATLAS Techniques

AML.T0051.000: Direct
AML.T0024.000: Infer Training Data Membership
AML.T0048.000: Financial Harm

Affected Assets

Vendor: llamaindex
Product: llamaindex
Affected versions: 0.10.6 through 0.10.26

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.