CVE-2024-5443 | parisneo lollms up to 9.7 ExtensionBuilder.build_extension path traversal

Posted by Angelo Barbosa | Jun 22, 2024 | CVE

A vulnerability was found in parisneo lollms up to 9.7 and classified as very critical. This issue affects the function ExtensionBuilder.build_extension. The manipulation leads to path traversal: ‘..filename’.

The identification of this vulnerability is CVE-2024-5443. The attack may be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-5443 | parisneo lollms up to 9.7 ExtensionBuilder.build_extension path traversal

Related Posts

CVE-2024-32105 | ELEXtensions ELEX WooCommerce Dynamic Pricing and Discounts Plugin cross-site request forgery

CVE-2023-47576 | Relyum RELY-PCIe/RELY-REC Web Interface command injection

CVE-2023-36103 | Tenda AC15 15.03.05.20 POST Request goform/SetIPTVCfg command injection

CVE-2023-43303 | Craftbeer Bar Canvas mini-app on Line 13.6.1 Channel Access Token information disclosure