Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-m45c-v46h-c788: lollms path traversal vulnerability allows overriding of config.yaml file, leading to RCE

A path traversal vulnerability in the /set_personality_config endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the configs/config.yaml file. This can lead to remote code execution by changing server configuration properties such as force_accept_remote_access and turn_on_code_validation.

ghsa
#vulnerability#git#rce

lollms path traversal vulnerability allows overriding of config.yaml file, leading to RCE

High severity GitHub Reviewed Published Jun 27, 2024 to the GitHub Advisory Database • Updated Jun 28, 2024

ghsa: Latest News

GHSA-qg5g-gv98-5ffh: rustls network-reachable panic in `Acceptor::accept`