Lollms
CVE-2024-4881
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse beyond the intended directory and read any file on the Windows system. Specifically, the application fails to adequately sanitize file paths containing backslashes (\), which can be exploited to access the root directory and read, or even delete, sensitive files. This issue was discovered in the context of the /user_infos endpoint, where a crafted request using backslashes to reference a file (e.g., \windows\win.ini) could result in unauthorized file access. The impact of this vulnerability includes the potential for attackers to access sensitive information such as environment variables, database files, and configuration files, which could lead to further compromise of the system.
AnalysisAI
A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified under CWE-36. A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse beyond the intended directory and read any file on the Windows system. Specifically, the application fails to adequately sanitize file paths containing backslashes (\), which can be exploited to access the root directory and read, or even delete, sensitive files. This issue was discovered in the context of the /user_infos endpoint, where a crafted request using backslashes to reference a file (e.g., \windows\win.ini) could result in unauthorized file access. The impact of this vulnerability includes the potential for attackers to access sensitive information such as environment variables, database files, and configuration files, which could lead to further compromise of the system. Affected products include: Lollms. Version information: version 9.4.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A path traversal vulnerability exists in the parisneo/lollms application, specifically within the `sanitize_path_from_en
Server-Side Request Forgery (SSRF) in parisneo/lollms versions before 2.2.0 allows unauthenticated remote attackers to m
A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax
Unauthenticated file upload in parisneo/lollms versions ≤2.2.0 enables remote attackers to submit arbitrary files for te
A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. Rated medium
Authenticated users in parisneo/lollms (versions before 2.2.0) can hijack friend requests intended for other users throu
A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version
Same weakness CWE-36 – Absolute Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today