Lucene search

CVE-2024-2361

🗓️ 16 May 2024 09:10:15Reported by @huntr_aiType

cve🔗 web.nvd.nist.gov👁 39 Views🌐 WEB

Vulnerability in parisneo/lollms-webui for arbitrary file upload and read due to insufficient user input sanitization in install_model() functio

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 3
Vulnrichment	CVE-2024-2361 Arbitrary Upload & Read via Path Traversal in parisneo/lollms-webui	16 May 202409:03	–	vulnrichment
NVD	CVE-2024-2361	16 May 202409:15	–	nvd
Cvelist	CVE-2024-2361 Arbitrary Upload & Read via Path Traversal in parisneo/lollms-webui	16 May 202409:03	–	cvelist

[
  {
    "vendor": "parisneo",
    "product": "parisneo/lollms-webui",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "latest"
      }
    ]
  }
]

Source	Link
huntr	www.huntr.com/bounties/cd383817-924a-445a-838e-d0c867c6a176

Parameter	Position	Path	Description	CWE
path	path	/lollms_core/lollms/binding.py	Arbitrary file upload and read due to insufficient sanitization of user-supplied input, allowing attackers to exploit path traversal.	CWE-29
variant_name	path	/lollms_core/lollms/binding.py	Arbitrary file upload and read due to insufficient sanitization of user-supplied input, allowing attackers to exploit path traversal.	CWE-29

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

16 May 2024 09:15Current

6.8Medium risk

Vulners AI Score6.8

CVSS39.6

EPSS0.00432

SSVC

CWE-29