High

lollms

Path Traversal Vulnerability on Windows

A path traversal vulnerability in parisneo/lollms version 9.4.0 allows attackers to read any file on the Windows system due to improper path validation. The issue was patched in version 5.9.0.

Available publicly on May 31 2024

7.5

CVSS:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Credit:

nhienit2010
Remediation Steps
  • Ensure your LoLLMs installation is updated to version 5.9.0 or later.
  • Review and apply proper input sanitization and validation techniques to prevent path traversal vulnerabilities.
  • Regularly audit your application for security vulnerabilities and apply patches as necessary.
  • Consider implementing additional security measures such as file access permissions and user role validations to limit the potential impact of such vulnerabilities.
Patch Details
  • Fixed Version: 5.9.0
  • Patch Commit: https://github.com/ParisNeo/lollms/commit/95ad36eeffc6a6be3e3f35ed35a384d768f0ecf6
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have - related security advisories that are available with Sightline Premium.