Lucene search

GitHub Advisory DatabaseGHSA-W9QF-83JG-2X6C

HistoryJun 27, 2024 - 9:32 p.m.

lollms vulnerable to dot-dot-slash path traversal in XTTS server

2024-06-2721:32:08

CWE-29

GitHub Advisory Database

github.com

lollms

xtts server

path traversal

vulnerability

parisneo

audio files

system

file paths

validation

tts_to_file endpoint

software

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

6.9

Confidence

High

JSON

A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in the tts_to_file endpoint.

Affected configurations

Vulners

Node

lollmslollmsRange≤9.5.1

VendorProductVersionCPE
lollmslollms*cpe:2.3:a:lollms:lollms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lollms	lollms	*	cpe:2.3:a:lollms:lollms::::::::

References

github.com/advisories/GHSA-w9qf-83jg-2x6c

huntr.com/bounties/fd00f112-efd0-40a1-8227-d6733716e4c0

nvd.nist.gov/vuln/detail/CVE-2024-6139

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

6.9

Confidence

High

JSON

Related for GHSA-W9QF-83JG-2X6C