CVE-2024-4320 — Path Traversal: '\..\filename' in Lollms

CWE-29 — Path Traversal: '\..\filename'CWE-22 — Path Traversal5 documents4 sources

Severity

9.8CRITICALNVD

EPSS

64.0%

top 1.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Parisneo Lollms Lollms

Timeline

PublishedJun 6

Latest updateJun 22

Description

A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the parisneo/lollms-webui application, specifically within the `@router.post("/install_extension")` route handler. The vulnerability arises due to improper handling of the `name` parameter in the `ExtensionBuilder().build_extension()` method, which allows for local file inclusion (LFI) leading to arbitrary code execution. An attacker can exploit this vulnerability by crafting a malicious `name` parameter t…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5parisneo/parisneo_lollmsunspecified — 9.8

▶PyPIlollms/lollms5.9.0 — 9.5.1

🔴Vulnerability Details

GHSA

Remote Code Execution via path traversal bypass in lollms↗2024-06-22

▶

OSV

Remote Code Execution via path traversal bypass in lollms↗2024-06-22

▶

GHSA

GHSA-qfjf-662j-2xxg: A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the parisneo/lollms-webui application, specifically within↗2024-06-06

▶