CVE-2024-4078

A vulnerability in the parisneo/lollms, specifically in the /unInstall_binding endpoint, allows for arbitrary code execution due to insufficient sanitization of user input. The issue arises from the lack of path sanitization when handling the name parameter in the unInstall_binding function, allowi...