CVE-2024-6985 | parisneo lollms-webui up to 5.8.x open_personality_folder path traversal

Posted by Angelo Barbosa | Oct 11, 2024 | CVE

A vulnerability was found in parisneo lollms-webui up to 5.8.x. It has been declared as problematic. This vulnerability affects the function open_personality_folder. The manipulation of the argument personality_folder leads to relative path traversal.

This vulnerability was named CVE-2024-6985. An attack has to be approached locally. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-6985 | parisneo lollms-webui up to 5.8.x open_personality_folder path traversal

Related Posts

CVE-2024-29983 | Microsoft OLE DB Driver/SQL Server heap-based overflow

CVE-2024-43443 | OTRS/OTRS Community Edition Process Management Module cross site scripting

CVE-2024-31803 | emp-ot 0.2.4 read_pre_data128_from_file buffer overflow

CVE-2023-7003 | Sciener Firmware Wireless Keypad Pairing hard-coded key (VU#949046)