A vulnerability has been found in parisneo lollms up to 9.6 and classified as critical. This vulnerability affects the function
tts_to_file
. The manipulation leads to path traversal: ‘..filename’.
This vulnerability was named CVE-2024-6139. The attack can be initiated remotely. There is no exploit available.