CVE-2024-6394 | parisneo lollms-webui up to 9.7 Configuration File app.py serve_js path traversal

Posted by Angelo Barbosa | Sep 30, 2024 | CVE

A vulnerability classified as problematic has been found in parisneo lollms-webui up to 9.7. Affected is the function serve_js of the file app.py of the component Configuration File Handler. The manipulation leads to path traversal: ‘..filename’.

This vulnerability is traded as CVE-2024-6394. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-6394 | parisneo lollms-webui up to 9.7 Configuration File app.py serve_js path traversal

Related Posts

CVE-2024-38536 | OISF Suricata up to 7.0.5 Memory Allocation null pointer dereference

CVE-2024-7732 | SECOM Dr.ID Attendance System up to 3.6.2 page sql injection

CVE-2024-23976 | F5 BIG-IP up to 15.1.8/16.1.3/17.1.0 Appliance Mode privileges assignment (K91054692)

CVE-2023-48782 | Fortinet FortiWLM up to 8.6.5 HTTP GET Request os command injection (FG-IR-23-450)