2 matches found
CVE-2024-4078
A vulnerability in the parisneo/lollms, specifically in the /unInstallbinding endpoint, allows for arbitrary code execution due to insufficient sanitization of user input. The issue arises from the lack of path sanitization when handling the name parameter in the unInstallbinding function, allowi...
CVE-2024-4078
parisneo/lollms is affected by CVE-2024-4078 through the /unInstall_binding endpoint, where insufficient sanitization of the name parameter enables directory traversal and loading of a malicious init .py, causing arbitrary code execution. The issue, reported across multiple feeds, targets the lat...