4.4

CVSS Score

3.0

Basic Information

CVE ID

CVE-2024-6985

GHSA ID

GHSA-6h64-g7cj-hj56

EPSS Score

0.11833%

CWE

CWE-23

Published

10/11/2024

Updated

10/11/2024

KEV Status

Technology

Python

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-6985

CVE-2024-6985: Lord of Large Language Models (LoLLMs) path traversal vulnerability in the api open_personality_folder endpoint

A path traversal vulnerability exists in the api open_personality_folder endpoint of parisneo/lollms. This vulnerability allows an attacker to read any folder in the personality_folder on the victim's computer, even though sanitize_path is set. The issue arises due to improper sanitization of the personality_folder parameter, which can be exploited to traverse directories and access arbitrary files.

(GitHub Advisory)

4.4

CVSS Score

3.0

Basic Information

CVE ID

CVE-2024-6985

GHSA ID

GHSA-6h64-g7cj-hj56

EPSS Score

0.11833%

CWE

CWE-23

Published

10/11/2024

Updated

10/11/2024

KEV Status

Technology

Python

Technical Details

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
lollms	pip	<= 9.5.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

* p*t* tr*v*rs*l vuln*r**ility *xists in t** *pi op*n_p*rson*lity_*ol**r *n*point o* p*risn*o/lollms. T*is vuln*r**ility *llows *n *tt**k*r to r*** *ny *ol**r in t** p*rson*lity_*ol**r on t** vi*tim's *omput*r, *v*n t*ou** s*nitiz*_p*t* is s*t. T** i

Reasoning

No *n*lysis *v*il**l*

4.4

Basic Information

Concerned about an active attack path?

CVE-2024-6985: Lord of Large Language Models (LoLLMs) path traversal vulnerability in the api open_personality_folder endpoint

4.4

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI