Path Traversal Affecting lollms package, versions [0,]
Threat Intelligence
Exploit Maturity
Proof of concept
EPSS
0.04% (10th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-LOLLMS-7411417
- published 28 Jun 2024
- disclosed 27 Jun 2024
- credit ehtec
Introduced: 27 Jun 2024
New CVE-2024-6139 Open this link in a new tabHow to fix?
There is no fixed version for lollms
.
Overview
lollms is an A python library for AI personality definition
Affected versions of this package are vulnerable to Path Traversal in speaker wav and output file paths.. This vulnerability can be abused to write audio files compatible with XTTS to arbitrary locations on the system, and also enumerate such file paths on the system.