Lucene search
K

4 matches found

OSV
OSV
added 2024/06/24 12:15 a.m.9 views

CVE-2024-3121

A remote code execution vulnerability exists in the createcondaenv function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the envname and...

3.3CVSS8.1AI score0.00446EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/06/24 12:0 a.m.17 views

CVE-2024-3121 Remote Code Execution in create_conda_env function in parisneo/lollms

A remote code execution vulnerability exists in the createcondaenv function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the envname and...

6.8CVSS8.1AI score0.00446EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/06/24 12:0 a.m.46 views

CVE-2024-3121 Remote Code Execution in create_conda_env function in parisneo/lollms

A remote code execution vulnerability exists in the createcondaenv function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the envname and...

6.8CVSS0.00446EPSS
Exploits2References1
CVE
CVE
added 2024/06/24 12:0 a.m.57 views

CVE-2024-3121

Parisneo/lollms version 5.9.0 is affected by CVE-2024-3121. The issue resides in create_conda_env, where unsafely using subprocess.Popen with shell=True injects commands via env_name and python_version, enabling Remote Code Execution. The vulnerability is demonstrated by potential execution of co...

6.8CVSS5.2AI score0.00446EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder