CVE-2024-10019

Good to know:

Date: March 20, 2025

A vulnerability in the "start_app_server" function of parisneo/lollms-webui V12 (Strawberry) allows for path traversal and OS command injection. The function does not properly sanitize the "app_name" parameter, enabling an attacker to upload a malicious "server.py" file and execute arbitrary code by exploiting the path traversal vulnerability.
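One way to close both weaknesses described above, as an added example that is not lollms-webui's own code or its v13 fix: accept only a single-component app name, confirm the resolved `server.py` still sits under the apps directory, and launch it from an argument list without a shell. The function names, the `apps` directory layout, and the allow-list pattern are assumptions made for illustration.

```python
import re
import sys
import tempfile
from pathlib import Path

# Assumed allow-list: one folder name, no separators, no leading dot.
APP_NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}")

def resolve_server_script(apps_root: Path, app_name: str) -> Path:
    """Return <apps_root>/<app_name>/server.py, or raise ValueError."""
    if not isinstance(app_name, str) or not APP_NAME_RE.fullmatch(app_name):
        raise ValueError(f"rejected app_name: {app_name!r}")
    root = apps_root.resolve(strict=True)
    script = (root / app_name / "server.py").resolve()
    # Containment check after symlinks are resolved (CWE-23).
    if root not in script.parents:
        raise ValueError(f"path escapes apps root: {script}")
    if not script.is_file():
        raise ValueError(f"no server.py for app: {app_name!r}")
    return script

def launch_argv(script: Path) -> list:
    # Argument list for subprocess.Popen(argv, shell=False): the path is
    # never interpolated into a shell command string (CWE-78).
    return [sys.executable, str(script)]

def demo() -> dict:
    """Run the check over constructed sample names in a temp directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        apps, uploads = base / "apps", base / "uploads"
        (apps / "notes_app").mkdir(parents=True)
        (apps / "notes_app" / "server.py").write_text("print('ok')\n")
        uploads.mkdir()
        (uploads / "server.py").write_text("# file outside the apps root\n")
        # A symlinked app folder that points outside the apps root.
        (apps / "linked").symlink_to(uploads, target_is_directory=True)
        names = ["notes_app", "../uploads", str(uploads),
                 "notes_app & echo x", "linked", "missing_app"]
        for name in names:
            try:
                argv = launch_argv(resolve_server_script(apps, name))
                results[name] = "allowed:" + Path(argv[1]).name
            except ValueError:
                results[name] = "rejected"
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name!r}: {outcome}")
```
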

Severity Score

Weakness Type (CWE)

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-78

Relative Path Traversal

CWE-23

Top Fix

Upgrade Version

Upgrade to v13 of https://github.com/ParisNeo/lollms-webui.git

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): HIGH
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH
