Unrated severity · NVD Advisory · Published Mar 20, 2025 · Updated Oct 15, 2025
Path Traversal and OS Command Injection in parisneo/lollms-webui
CVE-2024-10019
Description
A vulnerability in the start_app_server function of parisneo/lollms-webui V12 (Strawberry) allows for path traversal and OS command injection. The function does not properly sanitize the app_name parameter, enabling an attacker to upload a malicious server.py file and execute arbitrary code by exploiting the path traversal vulnerability.
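The kind of check the description says is missing, shown as an added example and not code from lollms-webui or its patch: the `apps_root` directory layout, the helper names and the sample app names are all assumptions made for illustration.

```python
import os
import sys
import tempfile
from pathlib import Path

class UnsafeAppName(ValueError):
    """Raised when app_name does not map to a server.py under the apps root."""

def resolve_server_script(apps_root: Path, app_name: str) -> Path:
    """Map app_name to <apps_root>/<app_name>/server.py (assumed layout)."""
    # Reject empty names, NUL bytes, dot components and any path separator.
    if not app_name or "\x00" in app_name or app_name in (".", ".."):
        raise UnsafeAppName(app_name)
    if any(sep and sep in app_name for sep in ("/", "\\", os.sep, os.altsep)):
        raise UnsafeAppName(app_name)
    root = apps_root.resolve(strict=True)
    # resolve() follows symlinks, so a link that points out of the root
    # is caught by the containment check as well.
    script = (root / app_name / "server.py").resolve()
    if root not in script.parents or not script.is_file():
        raise UnsafeAppName(app_name)
    return script

def build_launch_argv(apps_root: Path, app_name: str) -> list[str]:
    """Build an argv list for subprocess.Popen(argv, shell=False).

    No shell command string is assembled, so shell metacharacters in
    app_name are never interpreted.
    """
    return [sys.executable, str(resolve_server_script(apps_root, app_name))]

def demo() -> dict:
    """Constructed layout: one real app and a server.py outside the apps root."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        (base / "apps" / "chat").mkdir(parents=True)
        (base / "apps" / "chat" / "server.py").write_text("print('ok')\n")
        (base / "uploads").mkdir()
        (base / "uploads" / "server.py").write_text("print('outside')\n")
        results = {}
        for name in ("chat", "../uploads", "..", "chat; id", ""):
            try:
                build_launch_argv(base / "apps", name)
                results[name] = "allowed"
            except UnsafeAppName:
                results[name] = "rejected"
        return results
```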