Lucene search

@huntr_aiVULNRICHMENT:CVE-2024-3121

HistoryJun 24, 2024 - 12:00 a.m.

CVE-2024-3121 Remote Code Execution in create_conda_env function in parisneo/lollms

2024-06-2400:00:14

CWE-94

@huntr_ai

github.com

cve-2024-3121

remote code execution

parisneo/lollms

subprocess.popen

security breach

whoami command

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

Low

EPSS

Percentile

16.6%

SSVC

Exploitation

poc

Automatable

yes

Technical Impact

total

JSON

A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the env_name and python_version parameters. This issue could lead to a serious security breach as demonstrated by the ability to execute the ‘whoami’ command among potentially other harmful commands.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:parisneo:lollms:5.9.0:*:*:*:*:*:*:*"
    ],
    "vendor": "parisneo",
    "product": "lollms",
    "versions": [
      {
        "status": "affected",
        "version": "5.9.0"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

huntr.com/bounties/db57c343-9b80-4c1c-9ab0-9eef92c9b27b

CVSS3

6.8

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.1

Confidence

Low

EPSS

Percentile

16.6%

SSVC

Exploitation

poc

Automatable

yes

Technical Impact

total

JSON

Related for VULNRICHMENT:CVE-2024-3121