We found results for “”
CVE-2024-6971
Date: October 11, 2024
A path traversal vulnerability exists in the parisneo/lollms-webui repository, specifically in the "lollms_file_system.py" file. The functions "add_rag_database", "toggle_mount_rag_database", and "vectorize_folder" do not implement security measures such as "sanitize_path_from_endpoint" or "sanitize_path". This allows an attacker to perform vectorize operations on ".sqlite" files in any directory on the victim's computer, potentially installing multiple packages and causing a crash.
Language: Python
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-22CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | LOCAL |
| Attack Complexity (AC): | LOW |
| Privileges Required (PR): | HIGH |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | LOW |
| Availability (A): | LOW |
Vulnerabilities
Projects
Contact Us


