CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6139 – Path Traversal in parisneo/lollms
https://notcve.org/view.php?id=CVE-2024-6139
27 Jun 2024 — A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in the `tts_to_file` endpoint. • https://huntr.com/bounties/fd00f112-efd0-40a1-8227-d6733716e4c0 • CWE-29: Path Traversal: '\..\filename' •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5824 – Path Traversal in parisneo/lollms
https://notcve.org/view.php?id=CVE-2024-5824
27 Jun 2024 — A path traversal vulnerability in the `/set_personality_config` endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the `configs/config.yaml` file. This can lead to remote code execution by changing server configuration properties such as `force_accept_remote_access` and `turn_on_code_validation`. • https://github.com/parisneo/lollms/commit/eda3af5f5c4ea9b2f3569f72f8d05989e29367fc • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6085 – Path Traversal in parisneo/lollms
https://notcve.org/view.php?id=CVE-2024-6085
27 Jun 2024 — A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be bypassed by changing the root folder to '/'. This allows attackers to read arbitrary files on the system. Additionally, the output folders can be changed to write arbitrary audio files to any location on the system... • https://huntr.com/bounties/d2fb73d7-4b4f-451a-8763-484c189a27fe • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6250 – Absolute Path Traversal in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-6250
27 Jun 2024 — An absolute path traversal vulnerability exists in parisneo/lollms-webui v9.6, specifically in the `open_file` endpoint of `lollms_advanced.py`. The `sanitize_path` function with `allow_absolute_path=True` allows an attacker to access arbitrary files and directories on a Windows system. This vulnerability can be exploited to read any file and list arbitrary directories on the affected system. • https://huntr.com/bounties/11a8bf9d-16f3-49b3-b5fc-ad36d8993c73 • CWE-36: Absolute Path Traversal •
CVSS: 7.7EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4498 – Path Traversal and RFI Vulnerability in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-4498
25 Jun 2024 — A Path Traversal and Remote File Inclusion (RFI) vulnerability exists in the parisneo/lollms-webui application, affecting versions v9.7 to the latest. The vulnerability arises from insufficient input validation in the `/apply_settings` function, allowing an attacker to manipulate the `discussion_db_name` parameter to traverse the file system and include arbitrary files. This issue is compounded by the bypass of input filtering in the `install_binding`, `reinstall_binding`, and `unInstall_binding` endpoints,... • https://huntr.com/bounties/9238e88a-a6ca-4915-9b5d-6cdb4148d3f4 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4839 – CSRF in Servers Configurations in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-4839
24 Jun 2024 — A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'Servers Configurations' function of the parisneo/lollms-webui, versions 9.6 to the latest. The affected functions include Elastic search Service (under construction), XTTS service, Petals service, vLLM service, and Motion Ctrl service, which lack CSRF protection. This vulnerability allows attackers to deceive users into unwittingly installing the XTTS service among other packages by submitting a malicious installation request. Successful explo... • https://huntr.com/bounties/dcfc5a07-0427-42b5-a623-8d943873d7ff • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-4499 – CSRF Vulnerability in parisneo/lollms XTTS Server
https://notcve.org/view.php?id=CVE-2024-4499
24 Jun 2024 — A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. The vulnerability allows attackers to perform unauthorized actions by tricking a user into visiting a malicious webpage, which can then trigger arbitrary LoLLMS-XTTS API requests. This issue can lead to the reading and writing of audio files and, when combined with other vulnerabilities, could allow for the reading of arbitrary files on the system and writing files outside the... • https://huntr.com/bounties/336cd0eb-eb47-450d-9b2c-9332f69af65a • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-3121 – Remote Code Execution in create_conda_env function in parisneo/lollms
https://notcve.org/view.php?id=CVE-2024-3121
24 Jun 2024 — A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the env_name and python_version parameters. This issue could lead to a serious security breach as demonstrated by the ability to execute the 'whoami' command among potentially other harmful commands. Existe una vulnerabilidad de... • https://github.com/Abo5/CVE-2024-31210 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4841 – Path Traversal in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-4841
23 Jun 2024 — A Path Traversal vulnerability exists in the parisneo/lollms-webui, specifically within the 'add_reference_to_local_mode' function due to the lack of input sanitization. This vulnerability affects versions v9.6 to the latest. By exploiting this vulnerability, an attacker can predict the folders, subfolders, and files present on the victim's computer. The vulnerability is present in the way the application handles the 'path' parameter in HTTP requests to the '/add_reference_to_local_model' endpoint. Existe u... • https://huntr.com/bounties/740dda3e-7104-4ccf-9ac4-8870e4d6d602 • CWE-29: Path Traversal: '\..\filename' •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5443 – Remote Code Execution via Path Traversal in parisneo/lollms
https://notcve.org/view.php?id=CVE-2024-5443
22 Jun 2024 — CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the `ExtensionBuilder().build_extension()` function. The vulnerability arises from the `/mount_extension` endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory structure. This is facilitated by the `data.category` and `data.folder` parameters accepting empty strings (`""`), which, due to inadequate input sanitization, can lead to the construction of a `package_path` that p... • https://github.com/parisneo/lollms/commit/2d0c4e76be93195836ecd0948027e791b8a2626f • CWE-29: Path Traversal: '\..\filename' •