Lucene search
+L

5 matches found

github
github
added 2024/06/22 6:30 p.m.23 views

Remote Code Execution via path traversal bypass in lollms

CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the ExtensionBuilder.buildextension function. The vulnerability arises from the /mountextension endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory structure...

9.8CVSS7.5AI score0.34354EPSS
Exploits1References4Affected Software1
osv
osv
added 2024/06/22 5:15 p.m.28 views

CVE-2024-5443

CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the ExtensionBuilder.buildextension function. The vulnerability arises from the /mountextension endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory structure...

9.8CVSS7.6AI score0.34354EPSS
Exploits1References2
cve
cve
added 2024/06/22 4:12 p.m.66 views

CVE-2024-5443

CVE-2024-5443 describes a path traversal flaw in parisneo/lollms related to the ExtensionBuilder().build_extension() workflow. The issue, exploited via the /mount_extension endpoint, arises because data.category and data.folder can be empty strings, enabling construction of a package_path that ca...

9.8CVSS9.7AI score0.34354EPSS
Exploits1References2
nvd
nvd
added 2024/06/06 7:16 p.m.40 views

CVE-2024-4320

A remote code execution RCE vulnerability exists in the '/installextension' endpoint of the parisneo/lollms-webui application, specifically within the @router.post"/installextension" route handler. The vulnerability arises due to improper handling of the name parameter in the...

9.8CVSS0.34354EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2024/06/06 6:22 p.m.19 views

CVE-2024-4320 Remote Code Execution due to LFI in '/install_extension' in parisneo/lollms-webui

A remote code execution RCE vulnerability exists in the '/installextension' endpoint of the parisneo/lollms-webui application, specifically within the @router.post"/installextension" route handler. The vulnerability arises due to improper handling of the name parameter in the...

9.8CVSS8.2AI score0.34354EPSS
Exploits1References1
Rows per page
Query Builder