Moderate severityNVD Advisory· Published Oct 11, 2024· Updated Oct 11, 2024
Path Traversal in api open_personality_folder in parisneo/lollms-webui
CVE-2024-6985
Description
A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The issue arises due to improper sanitization of the personality_folder parameter, which can be exploited to traverse directories and access arbitrary files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
lollmsPyPI | <= 9.5.1 | — |
Affected products
2- parisneo/parisneo/lollmsv5Range: unspecified
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.