Lollms
CVE-2024-3429
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
A path traversal vulnerability exists in the parisneo/lollms application, specifically within the sanitize_path_from_endpoint and sanitize_path functions in lollms_core\lollms\security.py. This vulnerability allows for arbitrary file reading when the application is running on Windows. The issue arises due to insufficient sanitization of user-supplied input, enabling attackers to bypass the path traversal protection mechanisms by crafting malicious input. Successful exploitation could lead to unauthorized access to sensitive files, information disclosure, and potentially a denial of service (DoS) condition by including numerous large or resource-intensive files. This vulnerability affects the latest version prior to 9.6.
AnalysisAI
A path traversal vulnerability exists in the parisneo/lollms application, specifically within the sanitize_path_from_endpoint and sanitize_path functions in lollms_core\lollms\security.py. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-29. A path traversal vulnerability exists in the parisneo/lollms application, specifically within the sanitize_path_from_endpoint and sanitize_path functions in lollms_core\lollms\security.py. This vulnerability allows for arbitrary file reading when the application is running on Windows. The issue arises due to insufficient sanitization of user-supplied input, enabling attackers to bypass the path traversal protection mechanisms by crafting malicious input. Successful exploitation could lead to unauthorized access to sensitive files, information disclosure, and potentially a denial of service (DoS) condition by including numerous large or resource-intensive files. This vulnerability affects the latest version prior to 9.6. Affected products include: Lollms. Version information: prior to 9.6..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Server-Side Request Forgery (SSRF) in parisneo/lollms versions before 2.2.0 allows unauthenticated remote attackers to m
A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlie
A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax
Unauthenticated file upload in parisneo/lollms versions ≤2.2.0 enables remote attackers to submit arbitrary files for te
A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. Rated medium
Authenticated users in parisneo/lollms (versions before 2.2.0) can hijack friend requests intended for other users throu
A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version
Same weakness CWE-29 – Path Traversal: '\\..\\filename'
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today