CVE-2024-2548 | parisneo lollms-webui up to 9.4 on Windows Request Path(path).is_absolute absolute path traversal

Inserito da Angelo Barbosa | Giu 6, 2024 | CVE

A vulnerability has been found in parisneo lollms-webui up to 9.4 on Windows and classified as problematic. This vulnerability affects the function Path(path).is_absolute of the component Request Handler. The manipulation leads to absolute path traversal.

This vulnerability was named CVE-2024-2548. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-2548 | parisneo lollms-webui up to 9.4 on Windows Request Path(path).is_absolute absolute path traversal

Post correlati

CVE-2024-35314 | Mitel MiCollab Desktop Client command injection

CVE-2024-43957 | Sk. Abul Hasan Animated Number Counters Plugin up to 1.9 on WordPress path traversal

CVE-2024-2371 | Korenix JetIO 6550 F208 Build 0817 information disclosure

CVE-2024-20263 | Cisco 250 Series Smart Switch ACL access control (cisco-sa-sb-bus-acl-bypass-5zn9hNJk)