CVE-2024-6085
The CVE-2024-6085 issue concerns the XTTS server in the lollms package (version v9.6). The root cause is an unauthenticated change to root folder settings that enables path traversal: bypassing the read-file protection by setting the root to '/' and allowing writes to arbitrary locations via alte...