CVE-2024-4841 | parisneo lollms-webui up to 9.6 HTTP Request add_reference_to_local_model add_reference_to_local_mode path path traversal

Inserito da Angelo Barbosa | Giu 23, 2024 | CVE

A vulnerability was found in parisneo lollms-webui up to 9.6. It has been rated as problematic. Affected by this issue is the function add_reference_to_local_mode of the file /add_reference_to_local_model of the component HTTP Request Handler. The manipulation of the argument path leads to path traversal: ‘..filename’.

This vulnerability is handled as CVE-2024-4841. An attack has to be approached locally. There is no exploit available.

CVE-2024-4841 | parisneo lollms-webui up to 9.6 HTTP Request add_reference_to_local_model add_reference_to_local_mode path path traversal

Post correlati

CVE-2024-45299 | alfio-event alf.io up to 2.0-M4 Content Security Policy escape output (GHSA-mcx6-25f8-8rqw)

CVE-2021-46907 | Linux Kernel up to 5.10.31/5.11/5.11.15 VMX __vmx_handle_exit array index (7f64753835a7/ce541d7b5956/04c4f2ee3f68)

CVE-2024-2887 | Google Chrome prior 123.0.6312.86 WebAssembly type confusion

CVE-2024-6088 | LearnPress Plugin up to 4.2.6.8.1 on WordPress User Registration authorization