Lollms Web Ui@5.9.0 Security Vulnerabilities and Issues — Lollms Web Ui@5.9.0 CVE List

Lucene search

ParisneoLollms Web Ui5.9.0

3 matches found

CVE•added 2024/10/11 4:15 p.m.•71 views

CVE-2024-6985

A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The issue arises due to improper sanitization of...

4.4CVSS4.6AI score0.00041EPSS

CVE•added 2024/06/22 5:15 p.m.•49 views

CVE-2024-5443

CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the ExtensionBuilder().build_extension() function. The vulnerability arises from the /mount_extension endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory struct...

9.8CVSS9.7AI score0.59485EPSS

CVE•added 2024/06/24 12:15 a.m.•36 views

CVE-2024-3121

A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the env_name an...

6.8CVSS5.2AI score0.0007EPSS