7.5

CVSS Score

3.0

Basic Information

CVE ID

CVE-2024-4881

GHSA ID

GHSA-p8h7-c8gw-6x8c

EPSS Score

0.39848%

CWE

CWE-22

Published

6/6/2024

Updated

10/17/2024

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-4881

CVE-2024-4881: LoLLMS Path Traversal vulnerability

A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 9.5.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse beyond the intended directory and read any file on the Windows system. Specifically, the application fails to adequately sanitize file paths containing backslashes (\), which can be exploited to access the root directory and read, or even delete, sensitive files. This issue was discovered in the context of the /user_infos endpoint, where a crafted request using backslashes to reference a file (e.g., \windows\win.ini) could result in unauthorized file access. The impact of this vulnerability includes the potential for attackers to access sensitive information such as environment variables, database files, and configuration files, which could lead to further compromise of the system.

(GitHub Advisory)

7.5

CVSS Score

3.0

Basic Information

CVE ID

CVE-2024-4881

GHSA ID

GHSA-p8h7-c8gw-6x8c

EPSS Score

0.39848%

CWE

CWE-22

Published

6/6/2024

Updated

10/17/2024

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
lollms	pip	< 9.5.0	9.5.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from improper path sanitization in two functions:

Both functions lacked path.replace('\\', '/') calls in pre-patch versions, leaving Windows-style paths unnormalized.
The absence of backslash handling allowed bypassing Linux-centric path checks (like startswith('/')) when deployed on Windows.
The patch explicitly adds backslash normalization to both functions, confirming they were the vulnerability sources.
The CWE-22/CWE-36 mapping and vulnerability description directly implicate these path-sanitization functions as the failure points.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* p*t* tr*v*rs*l vuln*r**ility *xists in t** p*risn*o/lollms *ppli**tion, *****tin* v*rsion *.*.* *n* pot*nti*lly **rli*r v*rsions, *ut *ix** in v*rsion *.*.*. T** vuln*r**ility *ris*s *u* to improp*r v*li**tion o* *il* p*t*s **tw**n Win*ows *n* Linu

Reasoning

T** vuln*r**ility st*mm** *rom improp*r p*t* s*nitiz*tion in two *un*tions: *. *ot* *un*tions l**k** `p*t*.r*pl***('\\', '/')` **lls in pr*-p*t** v*rsions, l**vin* Win*ows-styl* p*t*s unnorm*liz**. *. T** **s*n** o* ***ksl*s* **n*lin* *llow** *yp*ssi

7.5

Basic Information

Concerned about an active attack path?

CVE-2024-4881: LoLLMS Path Traversal vulnerability

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI