Lucene search

Veracode Vulnerability DatabaseVERACODE:47729

HistoryJun 25, 2024 - 5:32 a.m.

Remote Code Execution (RCE)

2024-06-2505:32:19

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

remote code execution

parisneo/lollms

vulnerability

subprocess.popen

create_conda_env

env_name

python_version

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

parisneo/lollms is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the misuse of the shell=True parameter in the subprocess.Popen function within the create_conda_env function of the parisneo/lollms repository. The vulnerability allows an attacker to execute arbitrary commands via manipulated parameters like env_name and python_version.

CPENameOperatorVersion
lollmsle9.5.1
lollmsle9.5.1

CPE	Name	Operator	Version
	lollms	le	9.5.1
	lollms	le	9.5.1

References

github.com/advisories/GHSA-79h8-gxhq-q3jg

github.com/parisneo/lollms/issues/23

huntr.com/bounties/db57c343-9b80-4c1c-9ab0-9eef92c9b27b

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for VERACODE:47729