3 matches found
Remote Code Execution (RCE)
parisneo/lollms is vulnerable to Remote Code Execution RCE. The vulnerability is due to the misuse of the shell=True parameter in the subprocess.Popen function within the createcondaenv function of the parisneo/lollms repository. The vulnerability allows an attacker to execute arbitrary commands...
GHSA-79H8-GXHQ-Q3JG Remote Code Execution in create_conda_env function in lollms
A remote code execution vulnerability exists in the createcondaenv function of the parisneo/lollms repository. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the envname and pythonversion...
Remote Code Execution in create_conda_env function in lollms
A remote code execution vulnerability exists in the createcondaenv function of the parisneo/lollms repository. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the envname and pythonversion...