CVE-2024-2548 | parisneo lollms-webui up to 9.4 on Windows Request Path(path).is_absolute absolute path traversal

Posted by Angelo Barbosa | Jun 6, 2024 | CVE

A vulnerability has been found in parisneo lollms-webui up to 9.4 on Windows and classified as problematic. This vulnerability affects the function Path(path).is_absolute of the component Request Handler. The manipulation leads to absolute path traversal.

This vulnerability was named CVE-2024-2548. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-2548 | parisneo lollms-webui up to 9.4 on Windows Request Path(path).is_absolute absolute path traversal

Related Posts

CVE-2022-48768 | Linux Kernel up to 5.4.175/5.10.95/5.15.18/5.16.4 histogram kstrdup memory leak

CVE-2023-7059 | SourceCodester School Visitor Log e-Book 1.0 log-book.php Full Name cross site scripting

CVE-2023-5405 | Honeywell Experion Server Message information disclosure

CVE-2024-7078 | Semtek Sempos up to 31072024 sql injection