Critical

lollms

Windows Path Traversal

A vulnerability in the lollms application allows attackers to perform directory traversal attacks on Windows systems due to improper sanitization of Windows-style paths. The issue affects version 9.5 and was patched in version 9.8.

Available publicly on Jun 12 2024

Threat Overview

The vulnerability stems from the sanitize_path_from_endpoint function's failure to properly sanitize Windows-style paths (backslashes). This oversight allows attackers to exploit directory traversal vulnerabilities, potentially reading or deleting any file on the system. The function attempts to prevent directory traversal attacks by checking for suspicious patterns and absolute paths but neglects to account for backslashes, which are valid path separators on Windows systems.

Attack Scenario

An attacker can exploit this vulnerability by sending a specially crafted request to the personalities or /del_preset endpoints, including a path with backslashes that navigate to sensitive files or system directories. For example, accessing http://127.0.0.1:9600/personalities/%5Cpath%5Cto%5Csensitive%5Cfile.txt could allow reading sensitive files, and exploiting the /del_preset endpoint could lead to deletion of critical files, impacting system availability.

Who is affected

Any system running the lollms application version 9.5 on Windows is vulnerable to this directory traversal attack. Both the integrity and availability of the system can be compromised, allowing attackers to read sensitive information or delete critical files.

Technical Report
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have - related security advisories that are available with Sightline Premium.