LlamaIndex is vulnerable to Path Traversal attack through its ObsidianReader class
High severity
GitHub Reviewed
Published
Jul 7, 2025
to the GitHub Advisory Database
•
Updated Jul 7, 2025
Description
Published by the National Vulnerability Database
Jul 7, 2025
Published to the GitHub Advisory Database
Jul 7, 2025
Reviewed
Jul 7, 2025
Last updated
Jul 7, 2025
A vulnerability in the
ObsidianReader
class in LlamaIndex Readers Integration: Obsidian before version 0.5.1 from the run-llama/llama_index repository (versions 0.12.23 to 0.12.28) allows for arbitrary file read through symbolic links. TheObsidianReader
fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the intended directory. This flaw enables attackers to place symlinks pointing to files outside the vault directory, which are then processed as valid Markdown files, potentially exposing sensitive information.References