High

lollms

Path Traversal Vulnerability on Windows

A path traversal vulnerability in parisneo/lollms version 9.4.0 allows attackers to read any file on the Windows system due to improper path validation. The issue was patched in version 5.9.0.

Available publicly on May 31 2024

7.5

CVSS:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Credit:

nhienit2010
Threat Overview

The vulnerability stems from inadequate validation of file paths between Windows and Linux environments in the LoLLMs software. Specifically, the application fails to properly sanitize input paths, allowing attackers to exploit the path traversal flaw to access and read files outside the intended directory. This is possible by using backslashes (\) to navigate to the root directory on Windows platforms, effectively bypassing the existing security measures that were designed to prevent such unauthorized access.

Attack Scenario

An attacker can exploit this vulnerability by sending a specially crafted HTTP GET request to the /user_infos endpoint of the LoLLMs application. By including a path in the request that utilizes backslashes to navigate to the root directory (e.g., \windows\win.ini), the attacker can bypass the application's path validation logic and read any file on the system. This could potentially expose sensitive information, such as environment variables, database files, or configuration files containing critical keys.

Who is affected

Any system running the affected version of parisneo/lollms (9.4.0) on a Windows platform is vulnerable to this path traversal attack. This includes environments where sensitive files are accessible to the application, potentially leading to unauthorized access to critical information.

Technical Report
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have - related security advisories that are available with Sightline Premium.