CVE-2024-4881
Published: 2024-06-06
Priority: P3 · 46 · high · 7.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.88% (54.6th percentile)
A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse beyond the intended directory and read any file on the Windows system. Specifically, the application fails to adequately sanitize file paths containing backslashes (`\`), which can be exploited to access the root directory and read, or even delete, sensitive files. This issue was discovered in the context of the `/user_infos` endpoint, where a crafted request using backslashes to reference a file (e.g., `\windows\win.ini`) could result in unauthorized file access. The impact of this vulnerability includes the potential for attackers to access sensitive information such as environment variables, database files, and configuration files, which could lead to further compromise of the system.
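The separator mismatch described above, as an added example (not code from lollms): a check that reasons about paths with POSIX rules accepts `\windows\win.ini`, while a Windows host resolves it to the drive root. The function names and the `BASE` directory are hypothetical, and `PureWindowsPath` is used so the Windows behaviour can be reproduced on any platform.

```python
from pathlib import PurePosixPath, PureWindowsPath

# Hypothetical data directory the endpoint is supposed to stay inside.
BASE = PureWindowsPath(r"C:\lollms\personal_data")


def naive_is_safe(user_path: str) -> bool:
    """POSIX-only validation: '/' is the only separator it understands."""
    p = PurePosixPath(user_path)
    return not p.is_absolute() and ".." not in p.parts


def windows_join(user_path: str) -> str:
    """What a Windows host resolves BASE joined with user_path to."""
    return str(BASE / user_path)


def strict_is_safe(user_path: str) -> bool:
    """Reject input that is rooted or climbs under either path convention."""
    if not user_path or "\x00" in user_path:
        return False
    for flavour in (PurePosixPath, PureWindowsPath):
        p = flavour(user_path)
        # anchor is non-empty for "/", "\", "C:", "C:\" and UNC prefixes
        if p.anchor or ".." in p.parts:
            return False
    return True


if __name__ == "__main__":
    # Constructed sample inputs; the backslash form is the one quoted above.
    for sample in (r"\windows\win.ini", r"..\..\x", "C:boot.ini",
                   "/etc/passwd", "avatars/me.png"):
        print(f"{sample!r:22} naive={naive_is_safe(sample)!s:5} "
              f"strict={strict_is_safe(sample)!s:5} -> {windows_join(sample)}")
```

A deployed check would additionally resolve the joined path and confirm it is still inside the base directory before opening it.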
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lollms | lollms | < 5.9.0 | 5.9.0 |
| lollms | lollms | >= 0 < 9.5.0 | 9.5.0 |
| lollms | lollms | >= 0 < 95ad36eeffc6a6be3e3f35ed35a384d768f0ecf6 | 95ad36eeffc6a6be3e3f35ed35a384d768f0ecf6 |
| lollms | lollms | >= 0 < 5.9.0 | 5.9.0 |
| parisneo | parisneo_lollms | >= unspecified < 5.9.0 | 5.9.0 |
CVSS provenance
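| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| vendor_redhat | | 5.5 | MEDIUM | |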
GHSA
LoLLMS Path Traversal vulnerability
ghsa·2024-06-06
CVE-2024-4881 [HIGH] CWE-22 LoLLMS Path Traversal vulnerability
A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 9.5.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse beyond the intended directory and read any file on the Windows system. Specifically, the application fails to adequately sanitize file paths containing backslashes (`\`), which can be exploited to access the root directory and read, or even delete, sensitive files. This issue was discovered in the context of the `/user_infos` endpoint, where a crafted request using backslashes to reference a file (e.g., `\windows\win.ini`) could result in unauthorized file acces
OSV
CVE-2024-4881: A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9
osv·2024-06-06
A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse beyond the intended directory and read any file on the Windows system. Specifically, the application fails to adequately sanitize file paths containing backslashes (`\`), which can be exploited to access the root directory and read, or even delete, sensitive files. This issue was discovered in the context of the `/user_infos` endpoint, where a crafted request using backslashes to reference a file (e.g., `\windows\win.ini`) could result in unauthorized file access. The impact of this vulnerability i
OSV
LoLLMS Path Traversal vulnerability
osv·2024-06-06
CVE-2024-4881 [HIGH] LoLLMS Path Traversal vulnerability
A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 9.5.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse beyond the intended directory and read any file on the Windows system. Specifically, the application fails to adequately sanitize file paths containing backslashes (`\`), which can be exploited to access the root directory and read, or even delete, sensitive files. This issue was discovered in the context of the `/user_infos` endpoint, where a crafted request using backslashes to reference a file (e.g., `\windows\win.ini`) could result in unauthorized file acces
Red Hat
kernel: bpf: Call free_htab_elem() after htab_unlock_bucket()
vendor_redhat·2024-12-27·CVSS 5.5
CVE-2024-56592 [MEDIUM] CWE-457 kernel: bpf: Call free_htab_elem() after htab_unlock_bucket()
In the Linux kernel, the following vulnerability has been resolved:
bpf: Call free_htab_elem() after htab_unlock_bucket()
For htab of maps, when the map is removed from the htab, it may hold the
last reference of the map. bpf_map_fd_put_ptr() will invoke
bpf_map_free_id() to free the id of the removed map element. However,
bpf_map_fd_put_ptr() is invoked while holding a bucket lock
(raw_spin_lock_t), and bpf_map_free_id() attempts to acquire map_idr_lock
(spinlock_t), triggering the following lockdep warning:
[ BUG: Invalid wait context ]
6.11.0-rc4+ #49 Not tainted
test_maps/4881 is trying to lock:
ffffffff84884578 (map_idr_lock){+...}-{3:3}, at: bpf_map_free_id.part.0+0x21/0x70
other info that might help us debug this:
contex