6 matches found
EUVD-2024-2983
Malicious code in bioql PyPI...
CVE-2024-6971
A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the lollmsfilesystem.py file. The functions addragdatabase, togglemountragdatabase, and vectorizefolder do not implement security measures such as sanitizepathfromendpoint or sanitizepath. This allows a...
Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py
A path traversal vulnerability exists in the ParisNeo/lollms repository, specifically in the lollmsfilesystem.py file. The functions addragdatabase, togglemountragdatabase, and vectorizefolder do not implement security measures such as sanitizepathfromendpoint or sanitizepath. This allows an...
GHSA-7PGR-32FX-C6X9 Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py
A path traversal vulnerability exists in the ParisNeo/lollms repository, specifically in the lollmsfilesystem.py file. The functions addragdatabase, togglemountragdatabase, and vectorizefolder do not implement security measures such as sanitizepathfromendpoint or sanitizepath. This allows an...
CVE-2024-6971
A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the lollmsfilesystem.py file. The functions addragdatabase, togglemountragdatabase, and vectorizefolder do not implement security measures such as sanitizepathfromendpoint or sanitizepath. This allows a...
CVE-2024-6971
CVE-2024-6971 describes a path traversal in the ParisNeo/lollms-webui project where functions in lollms_file_system.py (add_rag_database, toggle_mount_rag_database, vectorize_folder) do not sanitize paths, allowing an attacker to vectorize arbitrary .sqlite files on a victim’s machine. This can e...