CVE-2024-6985

A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms-webui. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The issue arises due to improper sanitization of the personality_folder parameter, which can be exploited to traverse directories and access arbitrary files.
Configurations

No configuration.

History

15 Oct 2024, 12:58

Type Values Removed Values Added
Summary
  • (es) Existe una vulnerabilidad de path traversal en el endpoint de la API open_personality_folder de parisneo/lollms-webui. Esta vulnerabilidad permite a un atacante leer cualquier carpeta en personality_folder en la computadora de la víctima, incluso aunque sanitize_path esté configurado. El problema surge debido a una desinfección incorrecta del parámetro personality_folder, que puede explotarse para recorrer directorios y acceder a archivos arbitrarios.

11 Oct 2024, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-11 16:15

Updated : 2024-10-15 12:58


NVD link : CVE-2024-6985

Mitre link : CVE-2024-6985

CVE.ORG link : CVE-2024-6985


JSON object : View

Products Affected

No product.

CWE
CWE-23

Relative Path Traversal