Description

A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the env_name and python_version parameters. This issue could lead to a serious security breach as demonstrated by the ability to execute the 'whoami' command among potentially other harmful commands.

INFO

Published Date :

2024-06-24T00:00:14.165Z

Last Modified :

2024-08-01T19:32:42.719Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-3121 vulnerability.

Vendors Products
Lollms
  • Lollms
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-3121.

URL Resource
https://huntr.com/bounties/db57c343-9b80-4c1c-9ab0-9eef92c9b27b cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact