Veracode Vulnerability Database: VERACODE:48236
Jul 26, 2024 - 5:55 a.m.

Path Traversal

2024-07-26 05:55:19
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
path traversal
parisneo/lollms
sanitize_path
lollms_configuration_infos.py
discussion_db_name parameter
important system directories
software

CVSS3: 7.3

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

AI Score: 6.8
Confidence: High

parisneo/lollms is vulnerable to Path Traversal. The vulnerability is due to the sanitize_path function within the file lollms_configuration_infos.py, which allows attackers to manipulate the discussion_db_name parameter and potentially write to important system directories.
