CVE-2024-6394 | parisneo lollms-webui up to 9.7 Configuration File app.py serve_js path traversal

Inserito da Angelo Barbosa | Set 30, 2024 | CVE

A vulnerability classified as problematic has been found in parisneo lollms-webui up to 9.7. Affected is the function serve_js of the file app.py of the component Configuration File Handler. The manipulation leads to path traversal: ‘..filename’.

This vulnerability is traded as CVE-2024-6394. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-6394 | parisneo lollms-webui up to 9.7 Configuration File app.py serve_js path traversal

Post correlati

CVE-2024-1857 | wpswings Ultimate Gift Cards for WooCommerce Plugin up to 2.6.6 on WordPress wps_wgm_preview_email_template authorization

CVE-2024-2932 | SourceCodester Online Chatting System 1.0 admin/update_room.php id sql injection

CVE-2024-21894 | Ivanti Connect Secure/Policy Secure IPSec heap-based overflow

CVE-2023-6326 | Master Slider Plugin up to 3.9.5 on WordPress process_bulk_action cross-site request forgery