4 matches found
CVE-2024-3121
A remote code execution vulnerability exists in the createcondaenv function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the envname and...
CVE-2024-3121 Remote Code Execution in create_conda_env function in parisneo/lollms
A remote code execution vulnerability exists in the createcondaenv function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the envname and...
CVE-2024-3121 Remote Code Execution in create_conda_env function in parisneo/lollms
A remote code execution vulnerability exists in the createcondaenv function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the envname and...
CVE-2024-3121
Parisneo/lollms version 5.9.0 is affected by CVE-2024-3121. The issue resides in create_conda_env, where unsafely using subprocess.Popen with shell=True injects commands via env_name and python_version, enabling Remote Code Execution. The vulnerability is demonstrated by potential execution of co...