CVE-2024-1600
Published 2024-04-10
Priority: P269 · critical · 9.3 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:C / C:H / I:N / A:L
EPSS: 31.09% (98.0th percentile)
A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences (`../../`) followed by the desired system file path, URL encoded. Successful exploitation allows the attacker to read any file on the filesystem accessible by the web server. This issue arises due to improper control of filename for include/require statement in the application.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lollms | lollms_web_ui | >= 9.0 < 9.6 | 9.6 |
| parisneo | parisneo_lollms-webui | >= unspecified < 9.5 | 9.5 |
CVSS provenance
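| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.3 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L |
| vendor_redhat | | 5.5 | MEDIUM | |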
GHSA
GHSA-24m8-r3wq-c97x: A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route
ghsa_unreviewed·2024-04-10
CVE-2024-1600 [CRITICAL] CWE-98 GHSA-24m8-r3wq-c97x: A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route
Red Hat
kernel: arm64: entry: fix ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD
vendor_redhat·2024-04-02·CVSS 5.5
CVE-2024-26670 [MEDIUM] CWE-1300 kernel: arm64: entry: fix ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD
In the Linux kernel, the following vulnerability has been resolved:
arm64: entry: fix ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD
Currently the ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround isn't
quite right, as it is supposed to be applied after the last explicit
memory access, but is immediately followed by an LDR.
The ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround is used to
handle Cortex-A520 erratum 2966298 and Cortex-A510 erratum 3117295,
which are described in:
* https://developer.arm.com/documentation/SDEN2444153/0600/?lang=en
* https://developer.arm.com/documentation/SDEN1873361/1600/?lang=en
In both cases the workaround is described as:
| If pagetable isolation is disabled, the context switch logic in the
https://github.com/parisneo/lollms-webui/commit/49b0332e98d42dd5204dda53dee410b160106265
https://huntr.com/bounties/29ec621a-bd69-4225-ab0f-5bb8a1d10c67
Published: 2024-04-10