CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-6959 – Denial of Service (DOS) in multipart boundary while uploading file in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-6959
13 Oct 2024 — A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file. If an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering lollms-webui inaccessible. This issue is exacerbated by the lack of Cross-Site Request Forgery (CSRF) protection, enabling remote exploitation. The vulnerability leads to service disruption, resource exhaustion, and extended downtime.... • https://huntr.com/bounties/6394d32e-f35c-418a-95b8-e7254ed0bc8e • CWE-352: Cross-Site Request Forgery (CSRF) CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-5933 – Cross-site Scripting (XSS) in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-5933
27 Jun 2024 — A Cross-site Scripting (XSS) vulnerability exists in the chat functionality of parisneo/lollms-webui in the latest version. This vulnerability allows an attacker to inject malicious scripts via chat messages, which are then executed in the context of the user's browser. • https://huntr.com/bounties/51a2e370-3b64-45cd-9afc-0e4856ab5517 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-4499 – CSRF Vulnerability in parisneo/lollms XTTS Server
https://notcve.org/view.php?id=CVE-2024-4499
24 Jun 2024 — A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. The vulnerability allows attackers to perform unauthorized actions by tricking a user into visiting a malicious webpage, which can then trigger arbitrary LoLLMS-XTTS API requests. This issue can lead to the reading and writing of audio files and, when combined with other vulnerabilities, could allow for the reading of arbitrary files on the system and writing files outside the... • https://huntr.com/bounties/336cd0eb-eb47-450d-9b2c-9332f69af65a • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-3121 – Remote Code Execution in create_conda_env function in parisneo/lollms
https://notcve.org/view.php?id=CVE-2024-3121
24 Jun 2024 — A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the env_name and python_version parameters. This issue could lead to a serious security breach as demonstrated by the ability to execute the 'whoami' command among potentially other harmful commands. Existe una vulnerabilidad de... • https://github.com/Abo5/CVE-2024-31210 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-2359 – Improper Neutralization of Special Elements used in an OS Command in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-2359
06 Jun 2024 — A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. The issue arises from the application's handling of the `/execute_code` endpoint, which is intended to be blocked from external access by default. However, attackers can exploit the `/update_setting` endpoint, which lacks proper access control, to modify the `host` configuration at runtime. By changing the `host` setting to an attacker-controlled value, the restriction... • https://huntr.com/bounties/62144831-8d4b-4cf2-9737-5e559f7bc67e • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-2360 – Path Traversal leading to Remote Code Execution in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-2360
06 Jun 2024 — parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in the 'Database path' and 'PDF LaTeX path' settings. An attacker can exploit this vulnerability by manipulating these settings to execute arbitrary code on the targeted server. The issue affects the latest version of the software. The vulnerability stems from the application's handling of the 'discussion_db_name' and 'pdf_latex_path' parameters, which ... • https://huntr.com/bounties/65d0ef59-a761-4bbd-86fa-dd8e8621082e • CWE-29: Path Traversal: '\..\filename' •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-3429 – Path Traversal in parisneo/lollms
https://notcve.org/view.php?id=CVE-2024-3429
06 Jun 2024 — A path traversal vulnerability exists in the parisneo/lollms application, specifically within the `sanitize_path_from_endpoint` and `sanitize_path` functions in `lollms_core\lollms\security.py`. This vulnerability allows for arbitrary file reading when the application is running on Windows. The issue arises due to insufficient sanitization of user-supplied input, enabling attackers to bypass the path traversal protection mechanisms by crafting malicious input. Successful exploitation could lead to unauthori... • https://github.com/parisneo/lollms/commit/f4424cfc3d6dfb3ad5ac17dd46801efe784933e9 • CWE-29: Path Traversal: '\..\filename' •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-3322 – Path Traversal in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-3322
06 Jun 2024 — A path traversal vulnerability exists in the 'cyber_security/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5. The vulnerability arises from the improper limitation of a pathname to a restricted directory in the 'process_folder' function within 'lollms-webui/zoos/personalities_zoo/cyber_security/codeguard/scripts/processor.py'. Specifically, the function fails to properly sanitize user-supplied input for the 'code_folder_path', allowing an attacker to specify arbitrar... • https://github.com/parisneo/lollms-webui/commit/1e17df01e01d4d33599db2afaafe91d90b6f0189 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 1CVE-2024-4320 – Remote Code Execution due to LFI in '/install_extension' in parisneo/lollms-webui
https://notcve.org/view.php?id=CVE-2024-4320
06 Jun 2024 — A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the parisneo/lollms-webui application, specifically within the `@router.post("/install_extension")` route handler. The vulnerability arises due to improper handling of the `name` parameter in the `ExtensionBuilder().build_extension()` method, which allows for local file inclusion (LFI) leading to arbitrary code execution. An attacker can exploit this vulnerability by crafting a malicious `name` parameter that causes t... • https://github.com/bolkv/CVE-2024-4320 • CWE-29: Path Traversal: '\..\filename' •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-4881 – Path Traversal in parisneo/lollms
https://notcve.org/view.php?id=CVE-2024-4881
06 Jun 2024 — A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse beyond the intended directory and read any file on the Windows system. Specifically, the application fails to adequately sanitize file paths containing backslashes (`\`), which can be exploited to access the root di... • https://github.com/parisneo/lollms/commit/95ad36eeffc6a6be3e3f35ed35a384d768f0ecf6 • CWE-36: Absolute Path Traversal •