All the vulnerabilities related to parisneo - parisneo/lollms
cve-2024-6971
Vulnerability from cvelistv5
Published
2024-10-11 12:14
Modified
2024-10-11 14:34
Summary
A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the `lollms_file_system.py` file. The functions `add_rag_database`, `toggle_mount_rag_database`, and `vectorize_folder` do not implement security measures such as `sanitize_path_from_endpoint` or `sanitize_path`. This allows an attacker to perform vectorize operations on `.sqlite` files in any directory on the victim's computer, potentially installing multiple packages and causing a crash.
References
Impacted products
Vendor | Product | Version
---|---|---
parisneo | parisneo/lollms | unspecified <
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:parisneo:lollms:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "lollms", "vendor": "parisneo", "versions": [ { "lessThanOrEqual": "9.9", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-6971", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-11T14:31:13.715468Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-11T14:34:23.637Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "parisneo/lollms", "vendor": "parisneo", "versions": [ { "lessThanOrEqual": "latest", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the `lollms_file_system.py` file. The functions `add_rag_database`, `toggle_mount_rag_database`, and `vectorize_folder` do not implement security measures such as `sanitize_path_from_endpoint` or `sanitize_path`. This allows an attacker to perform vectorize operations on `.sqlite` files in any directory on the victim\u0027s computer, potentially installing multiple packages and causing a crash." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-11T12:14:13.156Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/fbfe7cd0-99fb-4305-bd07-8b573364109e" } ], "source": { "advisory": "fbfe7cd0-99fb-4305-bd07-8b573364109e", "discovery": "EXTERNAL" }, "title": "Path Traversal in parisneo/lollms-webui" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntr_ai", "cveId": "CVE-2024-6971", "datePublished": "2024-10-11T12:14:13.156Z", "dateReserved": "2024-07-21T22:56:32.861Z", "dateUpdated": "2024-10-11T14:34:23.637Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-5824
Vulnerability from cvelistv5
Published
2024-06-27 18:45
Modified
2024-08-01 21:25
Summary
A path traversal vulnerability in the `/set_personality_config` endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the `configs/config.yaml` file. This can lead to remote code execution by changing server configuration properties such as `force_accept_remote_access` and `turn_on_code_validation`.
References
Impacted products
Vendor | Product | Version
---|---|---
parisneo | parisneo/lollms | unspecified < latest
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:parisneo:lollms-webui:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "lollms-webui", "vendor": "parisneo", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-5824", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-28T15:07:58.569532Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-01T17:39:34.169Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:25:03.266Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/9ceb7cf9-a7cd-4699-b3f8-d0999d2b49fd" }, { "tags": [ "x_transferred" ], "url": "https://github.com/parisneo/lollms/commit/eda3af5f5c4ea9b2f3569f72f8d05989e29367fc" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "parisneo/lollms", "vendor": "parisneo", "versions": [ { "lessThan": "latest", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability in the `/set_personality_config` endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the `configs/config.yaml` file. This can lead to remote code execution by changing server configuration properties such as `force_accept_remote_access` and `turn_on_code_validation`." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-27T18:45:26.668Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/9ceb7cf9-a7cd-4699-b3f8-d0999d2b49fd" }, { "url": "https://github.com/parisneo/lollms/commit/eda3af5f5c4ea9b2f3569f72f8d05989e29367fc" } ], "source": { "advisory": "9ceb7cf9-a7cd-4699-b3f8-d0999d2b49fd", "discovery": "EXTERNAL" }, "title": "Path Traversal in parisneo/lollms" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntr_ai", "cveId": "CVE-2024-5824", "datePublished": "2024-06-27T18:45:26.668Z", "dateReserved": "2024-06-10T21:22:49.891Z", "dateUpdated": "2024-08-01T21:25:03.266Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6985
Vulnerability from cvelistv5
Published
2024-10-11 15:38
Modified
2024-10-11 16:14
Summary
A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The issue arises due to improper sanitization of the personality_folder parameter, which can be exploited to traverse directories and access arbitrary files.
References
Impacted products
Vendor | Product | Version
---|---|---
parisneo | parisneo/lollms | unspecified < 5.9.0
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:parisneo:lollms:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "lollms", "vendor": "parisneo", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-6985", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-11T16:13:21.327070Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-11T16:14:37.424Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "parisneo/lollms", "vendor": "parisneo", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personality_folder on the victim\u0027s computer, even though sanitize_path is set. The issue arises due to improper sanitization of the personality_folder parameter, which can be exploited to traverse directories and access arbitrary files." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-23", "description": "CWE-23 Relative Path Traversal", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-11T15:38:08.686Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/79c11579-47d8-4e68-8466-b47c3bf5ef6a" }, { "url": "https://github.com/parisneo/lollms/commit/28ee567a9a120967215ff19b96ab7515ce469620" } ], "source": { "advisory": "79c11579-47d8-4e68-8466-b47c3bf5ef6a", "discovery": "EXTERNAL" }, "title": "Path Traversal in api open_personality_folder in parisneo/lollms-webui" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntr_ai", "cveId": "CVE-2024-6985", "datePublished": "2024-10-11T15:38:08.686Z", "dateReserved": "2024-07-22T22:03:45.352Z", "dateUpdated": "2024-10-11T16:14:37.424Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6581
Vulnerability from cvelistv5
Published
2024-10-29 12:49
Modified
2024-10-29 13:24
Summary
A vulnerability in the discussion image upload function of the Lollms application, version v9.9, allows for the uploading of SVG files. Due to incomplete filtering in the sanitize_svg function, this can lead to cross-site scripting (XSS) vulnerabilities, which in turn pose a risk of remote code execution. The sanitize_svg function only removes script elements and 'on*' event attributes, but does not account for other potential vectors for XSS within SVG files. This vulnerability can be exploited when authorized users access a malicious URL containing the crafted SVG file.
References
Impacted products
Vendor | Product | Version
---|---|---
parisneo | parisneo/lollms | unspecified < 9.9
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:parisneo:lollms:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "lollms", "vendor": "parisneo", "versions": [ { "lessThan": "9.9", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-6581", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-29T13:17:31.015025Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-29T13:24:02.586Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "parisneo/lollms", "vendor": "parisneo", "versions": [ { "lessThan": "9.9", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the discussion image upload function of the Lollms application, version v9.9, allows for the uploading of SVG files. Due to incomplete filtering in the sanitize_svg function, this can lead to cross-site scripting (XSS) vulnerabilities, which in turn pose a risk of remote code execution. The sanitize_svg function only removes script elements and \u0027on*\u0027 event attributes, but does not account for other potential vectors for XSS within SVG files. This vulnerability can be exploited when authorized users access a malicious URL containing the crafted SVG file." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-29T12:49:01.555Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/ad68ecd6-44e2-449b-8e7e-f2b71b1b43c7" }, { "url": "https://github.com/parisneo/lollms/commit/328b960a0de2097e13654ac752253e9541521ddd" } ], "source": { "advisory": "ad68ecd6-44e2-449b-8e7e-f2b71b1b43c7", "discovery": "EXTERNAL" }, "title": "Remote Code Execution due to Stored XSS in parisneo/lollms" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntr_ai", "cveId": "CVE-2024-6581", "datePublished": "2024-10-29T12:49:01.555Z", "dateReserved": "2024-07-08T20:40:49.499Z", "dateUpdated": "2024-10-29T13:24:02.586Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6139
Vulnerability from cvelistv5
Published
2024-06-27 18:45
Modified
2024-08-01 21:33
Summary
A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in the `tts_to_file` endpoint.
References
Impacted products
Vendor | Product | Version
---|---|---
parisneo | parisneo/lollms | unspecified <
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:parisneo:lollms-webui:9.6:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "lollms-webui", "vendor": "parisneo", "versions": [ { "lessThanOrEqual": "9.8", "status": "affected", "version": "9.6", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-6139", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-27T20:06:46.240371Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-02T16:48:28.625Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:33:04.959Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/fd00f112-efd0-40a1-8227-d6733716e4c0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "parisneo/lollms", "vendor": "parisneo", "versions": [ { "lessThanOrEqual": "latest", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in the `tts_to_file` endpoint." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-29", "description": "CWE-29 Path Traversal: \u0027\\..\\filename\u0027", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-27T18:45:54.046Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/fd00f112-efd0-40a1-8227-d6733716e4c0" } ], "source": { "advisory": "fd00f112-efd0-40a1-8227-d6733716e4c0", "discovery": "EXTERNAL" }, "title": "Path Traversal in parisneo/lollms" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntr_ai", "cveId": "CVE-2024-6139", "datePublished": "2024-06-27T18:45:54.046Z", "dateReserved": "2024-06-18T18:53:55.136Z", "dateUpdated": "2024-08-01T21:33:04.959Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-4315
Vulnerability from cvelistv5
Published
2024-06-12 00:40
Modified
2024-08-01 20:40
Summary
parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The `sanitize_path_from_endpoint` function fails to properly sanitize Windows-style paths (backward slash `\`), allowing attackers to perform directory traversal attacks on Windows systems. This vulnerability can be exploited through various routes, including `personalities` and `/del_preset`, to read or delete any file on the Windows filesystem, compromising the system's availability.
References
Impacted products
Vendor | Product | Version
---|---|---
parisneo | parisneo/lollms | unspecified < 9.8
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:parisneo:lollms:9.5:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "lollms", "vendor": "parisneo", "versions": [ { "status": "affected", "version": "9.5" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-4315", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-26T14:27:21.754289Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-26T14:28:57.314Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:40:47.104Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/8a1b0197-2c36-4276-b92b-630a2a9bb09c" }, { "tags": [ "x_transferred" ], "url": "https://github.com/parisneo/lollms/commit/95ad36eeffc6a6be3e3f35ed35a384d768f0ecf6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "parisneo/lollms", "vendor": "parisneo", "versions": [ { "lessThan": "9.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The `sanitize_path_from_endpoint` function fails to properly sanitize Windows-style paths (backward slash `\\`), allowing attackers to perform directory traversal attacks on Windows systems. This vulnerability can be exploited through various routes, including `personalities` and `/del_preset`, to read or delete any file on the Windows filesystem, compromising the system\u0027s availability." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-98", "description": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-12T00:40:15.768Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/8a1b0197-2c36-4276-b92b-630a2a9bb09c" }, { "url": "https://github.com/parisneo/lollms/commit/95ad36eeffc6a6be3e3f35ed35a384d768f0ecf6" } ], "source": { "advisory": "8a1b0197-2c36-4276-b92b-630a2a9bb09c", "discovery": "EXTERNAL" }, "title": "LFI Vulnerability due to Lack of Path Sanitization in parisneo/lollms" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntr_ai", "cveId": "CVE-2024-4315", "datePublished": "2024-06-12T00:40:15.768Z", "dateReserved": "2024-04-29T16:15:21.215Z", "dateUpdated": "2024-08-01T20:40:47.104Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-3121
Vulnerability from cvelistv5
Published
2024-06-24 00:00
Modified
2024-08-01 19:32
Summary
A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the env_name and python_version parameters. This issue could lead to a serious security breach as demonstrated by the ability to execute the 'whoami' command among potentially other harmful commands.
References
Impacted products
Vendor | Product | Version
---|---|---
parisneo | parisneo/lollms | unspecified <
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:parisneo:lollms:5.9.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "lollms", "vendor": "parisneo", "versions": [ { "status": "affected", "version": "5.9.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-3121", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-26T19:04:19.373838Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-08T18:08:19.314Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T19:32:42.719Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/db57c343-9b80-4c1c-9ab0-9eef92c9b27b" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "parisneo/lollms", "vendor": "parisneo", "versions": [ { "lessThanOrEqual": "latest", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the env_name and python_version parameters. This issue could lead to a serious security breach as demonstrated by the ability to execute the \u0027whoami\u0027 command among potentially other harmful commands." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-24T00:00:14.165Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/db57c343-9b80-4c1c-9ab0-9eef92c9b27b" } ], "source": { "advisory": "db57c343-9b80-4c1c-9ab0-9eef92c9b27b", "discovery": "EXTERNAL" }, "title": "Remote Code Execution in create_conda_env function in parisneo/lollms" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntr_ai", "cveId": "CVE-2024-3121", "datePublished": "2024-06-24T00:00:14.165Z", "dateReserved": "2024-03-31T19:18:08.417Z", "dateUpdated": "2024-08-01T19:32:42.719Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-4078
Vulnerability from cvelistv5
Published
2024-05-16 09:03
Modified
2024-08-08 14:40
Summary
A vulnerability in the parisneo/lollms, specifically in the `/unInstall_binding` endpoint, allows for arbitrary code execution due to insufficient sanitization of user input. The issue arises from the lack of path sanitization when handling the `name` parameter in the `unInstall_binding` function, allowing an attacker to traverse directories and execute arbitrary code by loading a malicious `__init__.py` file. This vulnerability affects the latest version of the software. The exploitation of this vulnerability could lead to remote code execution on the system where parisneo/lollms is deployed.
References
Impacted products
Vendor | Product | Version
---|---|---
parisneo | parisneo/lollms | unspecified < main
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T20:33:51.663Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/a55a8c04-df44-49b2-bcfa-2a2b728a299d" }, { "tags": [ "x_transferred" ], "url": "https://github.com/parisneo/lollms/commit/7ebe08da7e0026b155af4f7be1d6417bc64cf02f" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:parisneo:lollms-webui:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "lollms-webui", "vendor": "parisneo", "versions": [ { "status": "affected", "version": "1.4.6" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-4078", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-16T14:55:26.479896Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-08T14:40:25.921Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "parisneo/lollms", "vendor": "parisneo", "versions": [ { "lessThan": "main", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability in the parisneo/lollms, specifically in the `/unInstall_binding` endpoint, allows for arbitrary code execution due to insufficient sanitization of user input. The issue arises from the lack of path sanitization when handling the `name` parameter in the `unInstall_binding` function, allowing an attacker to traverse directories and execute arbitrary code by loading a malicious `__init__.py` file. This vulnerability affects the latest version of the software. The exploitation of this vulnerability could lead to remote code execution on the system where parisneo/lollms is deployed." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-16T09:03:49.562Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/a55a8c04-df44-49b2-bcfa-2a2b728a299d" }, { "url": "https://github.com/parisneo/lollms/commit/7ebe08da7e0026b155af4f7be1d6417bc64cf02f" } ], "source": { "advisory": "a55a8c04-df44-49b2-bcfa-2a2b728a299d", "discovery": "EXTERNAL" }, "title": "Arbitrary Code Execution in parisneo/lollms" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntr_ai", "cveId": "CVE-2024-4078", "datePublished": "2024-05-16T09:03:49.562Z", "dateReserved": "2024-04-23T14:42:00.879Z", "dateUpdated": "2024-08-08T14:40:25.921Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6281
Vulnerability from cvelistv5
Published
2024-07-20 03:19
Modified
2024-08-01 21:33
Summary
A path traversal vulnerability exists in the `apply_settings` function of parisneo/lollms versions prior to 9.5.1. The `sanitize_path` function does not adequately secure the `discussion_db_name` parameter, allowing attackers to manipulate the path and potentially write to important system folders.
References
Impacted products
Vendor | Product | Version
---|---|---
parisneo | parisneo/lollms | unspecified < 9.5.1
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:parisneo:lollms:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "lollms", "vendor": "parisneo", "versions": [ { "lessThan": "9.5.1", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-6281", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-23T15:08:15.333045Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-23T15:10:14.959Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:33:05.497Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/0a62f2fb-4e62-4128-9dc4-e8f1d959ac61" }, { "tags": [ "x_transferred" ], "url": "https://github.com/parisneo/lollms/commit/26a3ff35acf152b49e1087d5698ad4864c7b6092" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "parisneo/lollms", "vendor": "parisneo", "versions": [ { "lessThan": "9.5.1", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability exists in the `apply_settings` function of parisneo/lollms versions prior to 9.5.1. The `sanitize_path` function does not adequately secure the `discussion_db_name` parameter, allowing attackers to manipulate the path and potentially write to important system folders." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-440", "description": "CWE-440 Expected Behavior Violation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-20T03:19:25.663Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/0a62f2fb-4e62-4128-9dc4-e8f1d959ac61" }, { "url": "https://github.com/parisneo/lollms/commit/26a3ff35acf152b49e1087d5698ad4864c7b6092" } ], "source": { "advisory": "0a62f2fb-4e62-4128-9dc4-e8f1d959ac61", "discovery": "EXTERNAL" }, "title": "Path Traversal in parisneo/lollms" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntr_ai", "cveId": "CVE-2024-6281", "datePublished": "2024-07-20T03:19:25.663Z", "dateReserved": "2024-06-23T21:31:29.887Z", "dateUpdated": "2024-08-01T21:33:05.497Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-3429
Vulnerability from cvelistv5
Published
2024-06-06 18:44
Modified
2024-08-01 20:12
Summary
A path traversal vulnerability exists in the parisneo/lollms application, specifically within the `sanitize_path_from_endpoint` and `sanitize_path` functions in `lollms_core\lollms\security.py`. This vulnerability allows for arbitrary file reading when the application is running on Windows. The issue arises due to insufficient sanitization of user-supplied input, enabling attackers to bypass the path traversal protection mechanisms by crafting malicious input. Successful exploitation could lead to unauthorized access to sensitive files, information disclosure, and potentially a denial of service (DoS) condition by including numerous large or resource-intensive files. This vulnerability affects the latest version prior to 9.6.
References
Impacted products
Vendor | Product | Version
---|---|---
parisneo | parisneo/lollms | unspecified < 9.6
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:parisneo:lollms-webui:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "lollms-webui", "vendor": "parisneo", "versions": [ { "lessThan": "9.6", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-3429", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-10T18:17:14.533072Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-01T17:41:36.663Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:12:06.926Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/fd8f50c8-17f0-40be-a2c6-bb8d80f7c409" }, { "tags": [ "x_transferred" ], "url": "https://github.com/parisneo/lollms/commit/f4424cfc3d6dfb3ad5ac17dd46801efe784933e9" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "parisneo/lollms", "vendor": "parisneo", "versions": [ { "lessThan": "9.6", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability exists in the parisneo/lollms application, specifically within the `sanitize_path_from_endpoint` and `sanitize_path` functions in `lollms_core\\lollms\\security.py`. This vulnerability allows for arbitrary file reading when the application is running on Windows. The issue arises due to insufficient sanitization of user-supplied input, enabling attackers to bypass the path traversal protection mechanisms by crafting malicious input. 
Successful exploitation could lead to unauthorized access to sensitive files, information disclosure, and potentially a denial of service (DoS) condition by including numerous large or resource-intensive files. This vulnerability affects the latest version prior to 9.6." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-29", "description": "CWE-29 Path Traversal: \u0027\\..\\filename\u0027", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-06T18:44:55.299Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/fd8f50c8-17f0-40be-a2c6-bb8d80f7c409" }, { "url": "https://github.com/parisneo/lollms/commit/f4424cfc3d6dfb3ad5ac17dd46801efe784933e9" } ], "source": { "advisory": "fd8f50c8-17f0-40be-a2c6-bb8d80f7c409", "discovery": "EXTERNAL" }, "title": "Path Traversal in parisneo/lollms" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntr_ai", "cveId": "CVE-2024-3429", "datePublished": "2024-06-06T18:44:55.299Z", "dateReserved": "2024-04-06T17:53:52.798Z", "dateUpdated": "2024-08-01T20:12:06.926Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-5443
Vulnerability from cvelistv5
Published
2024-06-22 16:12
Modified
2024-08-01 21:11
Summary
CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the `ExtensionBuilder().build_extension()` function. The vulnerability arises from the `/mount_extension` endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory structure. This is facilitated by the `data.category` and `data.folder` parameters accepting empty strings (`""`), which, due to inadequate input sanitization, can lead to the construction of a `package_path` that points to the root directory. Consequently, if an attacker can create a `config.yaml` file in a controllable path, this path can be appended to the `extensions` list and trigger the execution of `__init__.py` in the current directory, leading to remote code execution. The vulnerability affects versions up to 5.9.0, and has been addressed in version 9.8.
References
Impacted products
Vendor | Product | Version
---|---|---
parisneo | parisneo/lollms | unspecified < 9.8
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:parisneo:lollms:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "lollms", "vendor": "parisneo", "versions": [ { "lessThanOrEqual": "5.9.0", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-5443", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-24T14:49:54.244514Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-24T14:51:22.620Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:11:12.805Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/db52848a-4dbe-4110-a981-03739834bf45" }, { "tags": [ "x_transferred" ], "url": "https://github.com/parisneo/lollms/commit/2d0c4e76be93195836ecd0948027e791b8a2626f" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "parisneo/lollms", "vendor": "parisneo", "versions": [ { "lessThan": "9.8", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the `ExtensionBuilder().build_extension()` function. The vulnerability arises from the `/mount_extension` endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory structure. This is facilitated by the `data.category` and `data.folder` parameters accepting empty strings (`\"\"`), which, due to inadequate input sanitization, can lead to the construction of a `package_path` that points to the root directory. 
Consequently, if an attacker can create a `config.yaml` file in a controllable path, this path can be appended to the `extensions` list and trigger the execution of `__init__.py` in the current directory, leading to remote code execution. The vulnerability affects versions up to 5.9.0, and has been addressed in version 9.8." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-29", "description": "CWE-29 Path Traversal: \u0027\\..\\filename\u0027", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-22T16:12:32.499Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/db52848a-4dbe-4110-a981-03739834bf45" }, { "url": "https://github.com/parisneo/lollms/commit/2d0c4e76be93195836ecd0948027e791b8a2626f" } ], "source": { "advisory": "db52848a-4dbe-4110-a981-03739834bf45", "discovery": "EXTERNAL" }, "title": "Remote Code Execution via Path Traversal in parisneo/lollms" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntr_ai", "cveId": "CVE-2024-5443", "datePublished": "2024-06-22T16:12:32.499Z", "dateReserved": "2024-05-28T18:53:00.148Z", "dateUpdated": "2024-08-01T21:11:12.805Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-4881
Vulnerability from cvelistv5
Published
2024-06-06 18:17
Modified
2024-08-01 20:55
Summary
A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse beyond the intended directory and read any file on the Windows system. Specifically, the application fails to adequately sanitize file paths containing backslashes (`\`), which can be exploited to access the root directory and read, or even delete, sensitive files. This issue was discovered in the context of the `/user_infos` endpoint, where a crafted request using backslashes to reference a file (e.g., `\windows\win.ini`) could result in unauthorized file access. The impact of this vulnerability includes the potential for attackers to access sensitive information such as environment variables, database files, and configuration files, which could lead to further compromise of the system.
References
Impacted products
Vendor | Product | Version
---|---|---
parisneo | parisneo/lollms | unspecified < 5.9.0
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:parisneo:lollms:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "lollms", "vendor": "parisneo", "versions": [ { "status": "affected", "version": "9.4.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-4881", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-06T20:00:38.951300Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-06T20:03:35.700Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:55:10.194Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/94f7f901-80b0-4cf5-b545-ac5c1e7635e9" }, { "tags": [ "x_transferred" ], "url": "https://github.com/parisneo/lollms/commit/95ad36eeffc6a6be3e3f35ed35a384d768f0ecf6" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "parisneo/lollms", "vendor": "parisneo", "versions": [ { "lessThan": "5.9.0", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse beyond the intended directory and read any file on the Windows system. Specifically, the application fails to adequately sanitize file paths containing backslashes (`\\`), which can be exploited to access the root directory and read, or even delete, sensitive files. 
This issue was discovered in the context of the `/user_infos` endpoint, where a crafted request using backslashes to reference a file (e.g., `\\windows\\win.ini`) could result in unauthorized file access. The impact of this vulnerability includes the potential for attackers to access sensitive information such as environment variables, database files, and configuration files, which could lead to further compromise of the system." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-36", "description": "CWE-36 Absolute Path Traversal", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-06T18:17:13.833Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/94f7f901-80b0-4cf5-b545-ac5c1e7635e9" }, { "url": "https://github.com/parisneo/lollms/commit/95ad36eeffc6a6be3e3f35ed35a384d768f0ecf6" } ], "source": { "advisory": "94f7f901-80b0-4cf5-b545-ac5c1e7635e9", "discovery": "EXTERNAL" }, "title": "Path Traversal in parisneo/lollms" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntr_ai", "cveId": "CVE-2024-4881", "datePublished": "2024-06-06T18:17:13.833Z", "dateReserved": "2024-05-14T18:20:59.164Z", "dateUpdated": "2024-08-01T20:55:10.194Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-6085
Vulnerability from cvelistv5
Published
2024-06-27 18:45
Modified
2024-08-01 21:25
Summary
A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be bypassed by changing the root folder to '/'. This allows attackers to read arbitrary files on the system. Additionally, the output folders can be changed to write arbitrary audio files to any location on the system.
References
Impacted products
Vendor | Product | Version
---|---|---
parisneo | parisneo/lollms | unspecified <
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:parisneo:lollms:9.6:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "lollms", "vendor": "parisneo", "versions": [ { "status": "affected", "version": "9.6" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-6085", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-05T14:03:35.429378Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-09T19:16:52.617Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:25:03.365Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/d2fb73d7-4b4f-451a-8763-484c189a27fe" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "parisneo/lollms", "vendor": "parisneo", "versions": [ { "lessThanOrEqual": "latest", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability exists in the XTTS server included in the lollms package, version v9.6. This vulnerability arises from the ability to perform an unauthenticated root folder settings change. Although the read file endpoint is protected against path traversals, this protection can be bypassed by changing the root folder to \u0027/\u0027. This allows attackers to read arbitrary files on the system. Additionally, the output folders can be changed to write arbitrary audio files to any location on the system." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-27T18:45:15.903Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/d2fb73d7-4b4f-451a-8763-484c189a27fe" } ], "source": { "advisory": "d2fb73d7-4b4f-451a-8763-484c189a27fe", "discovery": "EXTERNAL" }, "title": "Path Traversal in parisneo/lollms" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntr_ai", "cveId": "CVE-2024-6085", "datePublished": "2024-06-27T18:45:15.903Z", "dateReserved": "2024-06-17T17:39:09.676Z", "dateUpdated": "2024-08-01T21:25:03.365Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-4499
Vulnerability from cvelistv5
Published
2024-06-24 03:06
Modified
2024-08-01 20:40
Summary
A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. The vulnerability allows attackers to perform unauthorized actions by tricking a user into visiting a malicious webpage, which can then trigger arbitrary LoLLMS-XTTS API requests. This issue can lead to the reading and writing of audio files and, when combined with other vulnerabilities, could allow for the reading of arbitrary files on the system and writing files outside the permitted audio file location.
References
Impacted products
Vendor | Product | Version
---|---|---
parisneo | parisneo/lollms | unspecified <
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:parisneo:lollms-webui:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "lollms-webui", "vendor": "parisneo", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-4499", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-24T14:55:08.426293Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-01T17:40:59.278Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T20:40:47.283Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.com/bounties/336cd0eb-eb47-450d-9b2c-9332f69af65a" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "parisneo/lollms", "vendor": "parisneo", "versions": [ { "lessThanOrEqual": "latest", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "A Cross-Site Request Forgery (CSRF) vulnerability exists in the XTTS server of parisneo/lollms version 9.6 due to a lax CORS policy. The vulnerability allows attackers to perform unauthorized actions by tricking a user into visiting a malicious webpage, which can then trigger arbitrary LoLLMS-XTTS API requests. This issue can lead to the reading and writing of audio files and, when combined with other vulnerabilities, could allow for the reading of arbitrary files on the system and writing files outside the permitted audio file location." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-24T03:06:46.088Z", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai" }, "references": [ { "url": "https://huntr.com/bounties/336cd0eb-eb47-450d-9b2c-9332f69af65a" } ], "source": { "advisory": "336cd0eb-eb47-450d-9b2c-9332f69af65a", "discovery": "EXTERNAL" }, "title": "CSRF Vulnerability in parisneo/lollms XTTS Server" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntr_ai", "cveId": "CVE-2024-4499", "datePublished": "2024-06-24T03:06:46.088Z", "dateReserved": "2024-05-04T23:18:49.336Z", "dateUpdated": "2024-08-01T20:40:47.283Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }