GHSA-mvrm-fh8q-6wr2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-mvrm-fh8q-6wr2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-mvrm-fh8q-6wr2/GHSA-mvrm-fh8q-6wr2.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-mvrm-fh8q-6wr2
- Aliases
- Published
- 2024-06-22T18:30:41Z
- Modified
- 2024-06-26T05:37:29.736120Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Remote Code Execution via path traversal bypass in lollms
- Details
-
CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the
ExtensionBuilder().build_extension()function. The vulnerability arises from the/mount_extensionendpoint, where a path traversal issue allows attackers to navigate beyond the intended directory structure. This is facilitated by thedata.categoryanddata.folderparameters accepting empty strings (""), which, due to inadequate input sanitization, can lead to the construction of apackage_paththat points to the root directory. Consequently, if an attacker can create aconfig.yamlfile in a controllable path, this path can be appended to theextensionslist and trigger the execution of__init__.pyin the current directory, leading to remote code execution. The vulnerability affects versions from 5.9.0, and has been addressed in version 9.5.1. - Database specific
{ "nvd_published_at": "2024-06-22T17:15:34Z", "cwe_ids": [ "CWE-29" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2024-06-24T21:22:50Z" }- References
Affected packages
PyPI / lollms
Package
- Name
- lollms
- View open source insights on deps.dev
- Purl
- pkg:pypi/lollms