Description

A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The issue arises due to improper sanitization of the personality_folder parameter, which can be exploited to traverse directories and access arbitrary files.

INFO

Published Date :

2024-10-11T15:38:08.686Z

Last Modified :

2024-10-11T16:14:37.424Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-6985 vulnerability.

Vendors Products
Lollms
  • Lollms
Parisneo
  • Lollms
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-6985.

URL Resource
https://github.com/parisneo/lollms/commit/28ee567a9a120967215ff19b96ab7515ce469620 cve-icon cve-icon
https://huntr.com/bounties/79c11579-47d8-4e68-8466-b47c3bf5ef6a cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact