VYPR
High severity7.3GHSA Advisory· Published Jul 20, 2024· Updated Jun 17, 2026

CVE-2024-6281

CVE-2024-6281

Description

A path traversal vulnerability exists in the apply_settings function of parisneo/lollms versions prior to 9.5.1. The sanitize_path function does not adequately secure the discussion_db_name parameter, allowing attackers to manipulate the path and potentially write to important system folders.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
lollmsPyPI
< 9.5.19.5.1

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.