High Severity

lollms-webui

Path Traversal Vulnerability in 'cyber_security/codeguard' Personality

A path traversal vulnerability was identified in the 'cyber_security/codeguard' personality of the 'lollms-webui' application, allowing arbitrary file read and overwrite. It affects versions prior to 9.5 and was patched in version 9.5. The vulnerability stems from improper handling of directory paths supplied through the personality's settings: the paths are used without being confined to the intended directory, so an attacker can traverse outside it and read or overwrite files elsewhere on the host.

Available publicly on May 21 2024

CVSS: 8.4 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Credit: retr0reg
Remediation Steps
  • Update 'lollms-webui' to version 9.5 or later.
  • Avoid accepting direct filesystem paths in personality settings. Prefer a file upload or remote fetch mechanism so the application, not the user, decides where files are written and read.
  • Where a path must be accepted, resolve it against the allowed directory and reject any result that does not stay inside that directory (including absolute paths, '..' segments and symlinks that point elsewhere).
  • Regularly review the settings exposed by personalities, since any setting that reaches the filesystem is a candidate for this class of bug.
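The check in the third remediation step, written out as an added example. This is not code from lollms-webui or from the patch commit; the allowed root directory, the function names and the sample paths are assumptions made for illustration. The naive join is shown beside the hardened version so the difference is visible on the same inputs.

```python
import os
from pathlib import Path

# Constructed example root for files a personality may read or write.
# The directory name is an assumption, not a lollms-webui path.
ALLOWED_ROOT = Path("/srv/lollms/personality_files")


def naive_join(user_path: str, root: Path = ALLOWED_ROOT) -> str:
    """The vulnerable pattern: join and trust the result.

    os.path.join discards `root` when `user_path` is absolute, and
    normpath happily collapses '..' segments past the root.
    """
    return os.path.normpath(os.path.join(str(root), user_path))


def safe_resolve(user_path: str, root: Path = ALLOWED_ROOT) -> Path:
    """Return an absolute path strictly inside `root`, or raise ValueError.

    Both sides are fully resolved (symlinks followed, '..' collapsed) before
    the containment check, so the comparison is on real locations rather than
    on string prefixes.
    """
    root = root.resolve()
    candidate = (root / user_path).resolve()
    if candidate == root:
        # The root directory itself is not a file a personality should touch.
        raise ValueError("empty or root-only path is not allowed")
    try:
        candidate.relative_to(root)  # raises ValueError when candidate is outside root
    except ValueError:
        raise ValueError(f"path escapes allowed root: {user_path!r}") from None
    return candidate


def is_allowed(user_path: str, root: Path = ALLOWED_ROOT) -> bool:
    """Boolean wrapper around safe_resolve for use in a settings validator."""
    try:
        safe_resolve(user_path, root)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs: one benign name, two traversal attempts, one absolute path.
    for p in ["notes.txt", "sub/../report.md", "../../../etc/passwd", "/etc/passwd"]:
        print(f"{p!r:28} naive -> {naive_join(p)!s:40} allowed -> {is_allowed(p)}")
```

The important design choice is comparing resolved `Path` objects with `relative_to` rather than checking `str(candidate).startswith(str(root))`: a prefix check accepts a sibling directory such as `/srv/lollms/personality_files_old` and ignores symlinks, while `relative_to` on resolved paths rejects both.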
Patch Details
  • Fixed Version: 9.5
  • Patch Commit: https://github.com/ParisNeo/lollms-webui/commit/1e17df01e01d4d33599db2afaafe91d90b6f0189