Lucene search
GoogleOSV:GHSA-8MRM-R7H3-C3HJHistoryJul 20, 2024 - 6:30 a.m.
LoLLMS vulnerable to Expected Behavior Violation
2024-07-2006:30:35
Google
osv.dev
lollms
path traversal
apply_settings
version 9.5.1
sanitize_path
discussion_db_name
system folders
CVSS3
7.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
A path traversal vulnerability exists in the apply_settings function of parisneo/lollms versions prior to 9.5.1. The sanitize_path function does not adequately secure the discussion_db_name parameter, allowing attackers to manipulate the path and potentially write to important system folders.
Related
nvd
nvd
CVE-2024-6281
2024-07-20 04:15:05
veracode
veracode
Path Traversal
2024-07-26 05:55:19
github
github
LoLLMS vulnerable to Expected Behavior Violation
2024-07-20 06:30:35
vulnrichment
vulnrichment
CVE-2024-6281 Path Traversal in parisneo/lollms
2024-07-20 03:19:25
osv
osv
CVE-2024-6281
2024-07-20 04:15:05
cve
cve
CVE-2024-6281
2024-07-20 04:15:05
cvelist
cvelist
CVE-2024-6281 Path Traversal in parisneo/lollms
2024-07-20 03:19:25
CVSS3
7.3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Related for OSV:GHSA-8MRM-R7H3-C3HJ