High Severity

lollms

Path Traversal Vulnerability on Windows

A path traversal vulnerability in parisneo/lollms version 9.4.0 allows attackers to read any file on the Windows system due to improper path validation. The issue was patched in version 5.9.0.

Available publicly on May 31 2024

CVSS: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Credit: nhienit2010
Remediation Steps
  • Ensure your LoLLMs installation is updated to version 5.9.0 or later.
  • Review and apply proper input sanitization and validation techniques to prevent path traversal vulnerabilities.
  • Regularly audit your application for security vulnerabilities and apply patches as necessary.
  • Consider implementing additional security measures such as file access permissions and user role validations to limit the potential impact of such vulnerabilities.
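
As an illustration of the input-validation step above, the following added example (not code from lollms or from its patch) shows a containment check that accounts for Windows path forms a POSIX-minded filter tends to miss: backslash separators, drive letters, UNC shares, and case-insensitive comparison. The root directory `ROOT` and the function names are hypothetical; `ntpath` is used so the check behaves the same on any host OS.

```python
import ntpath

# Hypothetical data root, constructed for this example (assumption).
ROOT = r"C:\lollms\personal_data"


def safe_join_windows(root: str, user_path: str) -> str:
    """Return the normalized path under root, or raise ValueError."""
    if "\x00" in user_path:
        raise ValueError("NUL byte in path")
    # Windows accepts both separators, so normalize before any checks.
    candidate = user_path.replace("/", "\\")
    drive, tail = ntpath.splitdrive(candidate)
    # Reject drive-qualified ("C:\\x", "C:x"), UNC ("\\\\host\\share")
    # and rooted ("\\Windows") input: join() would discard root for these.
    if drive or tail.startswith("\\"):
        raise ValueError("absolute or drive-qualified path")
    root_cmp = ntpath.normcase(ntpath.normpath(root))
    full = ntpath.normpath(ntpath.join(root, candidate))
    full_cmp = ntpath.normcase(full)
    # Compare the normalized result, case-insensitively, and require a
    # separator after the root so "personal_data_evil" does not match.
    if full_cmp != root_cmp and not full_cmp.startswith(root_cmp + "\\"):
        raise ValueError("path escapes root")
    return full


def is_allowed(user_path: str, root: str = ROOT) -> bool:
    """Convenience wrapper: True if user_path stays inside root."""
    try:
        safe_join_windows(root, user_path)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs.
    for p in ["docs/../notes.txt", "..\\..\\Windows\\win.ini",
              "C:\\Windows\\win.ini", "C:win.ini",
              "\\\\host\\share\\x", "../personal_data_evil/x"]:
        print(f"{p!r:32} allowed={is_allowed(p)}")
```

This check is purely lexical; on a live system the result should additionally be resolved (for example with `os.path.realpath`) and re-checked, since symlinks and junctions inside the root can still point elsewhere.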
Patch Details
  • Fixed Version: 5.9.0
  • Patch Commit: https://github.com/ParisNeo/lollms/commit/95ad36eeffc6a6be3e3f35ed35a384d768f0ecf6