lollms@6.9.0 vulnerabilities

A python library for AI personality definition

Known vulnerabilities in the lollms package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Path Traversal lollms is an A python library for AI personality definition Affected versions of this package are vulnerable to Path Traversal in speaker wav and output file paths.. This vulnerability can be abused to write audio files compatible with XTTS to arbitrary locations on the system, and also enumerate such file paths on the system. How to fix Path Traversal? There is no fixed version for `lollms`.	[0,)
H Path Traversal lollms is an A python library for AI personality definition Affected versions of this package are vulnerable to Path Traversal due to the possibility of performing an unauthenticated root folder settings change. An attacker can read arbitrary files on the system. Note: This vulnerability can be abused to write audio files compatible with XTTS to arbitrary locations on the system, and also enumerate such file paths on the system. How to fix Path Traversal? There is no fixed version for `lollms`.	[0,)
C Command Injection lollms is an A python library for AI personality definition Affected versions of this package are vulnerable to Command Injection in the `unInstall_binding` function. An attacker can execute arbitrary code by loading a malicious `__init__.py` file due to insufficient sanitization of the `name` parameter. How to fix Command Injection? Upgrade `lollms` to version 9.5.1 or higher.	[0,9.5.1)