A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse beyond the intended directory and read any file on the Windows system. Specifically, the application fails to adequately sanitize file paths containing backslashes (`\`), which can be exploited to access the root directory and read, or even delete, sensitive files. This issue was discovered in the context of the `/user_infos` endpoint, where a crafted request using backslashes to reference a file (e.g., `\windows\win.ini`) could result in unauthorized file access. The impact of this vulnerability includes the potential for attackers to access sensitive information such as environment variables, database files, and configuration files, which could lead to further compromise of the system.
Metrics
Affected Vendors & Products
References
History
Thu, 17 Oct 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Lollms
Lollms lollms |
|
Weaknesses | CWE-22 | |
CPEs | cpe:2.3:a:lollms:lollms:*:*:*:*:*:*:*:* | |
Vendors & Products |
Lollms
Lollms lollms |
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-06-06T18:17:13.833Z
Updated: 2024-08-01T20:55:10.194Z
Reserved: 2024-05-14T18:20:59.164Z
Link: CVE-2024-4881
Vulnrichment
Updated: 2024-08-01T20:55:10.194Z
NVD
Status : Modified
Published: 2024-06-06T19:16:03.063
Modified: 2024-11-21T09:43:46.897
Link: CVE-2024-4881
Redhat
No data.