Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-m45c-v46h-c788: lollms path traversal vulnerability allows overriding of config.yaml file, leading to RCE

A path traversal vulnerability in the /set_personality_config endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the configs/config.yaml file. This can lead to remote code execution by changing server configuration properties such as force_accept_remote_access and turn_on_code_validation.

ghsa
#vulnerability#git#rce

lollms path traversal vulnerability allows overriding of config.yaml file, leading to RCE

High severity GitHub Reviewed Published Jun 27, 2024 to the GitHub Advisory Database • Updated Jun 28, 2024

ghsa: Latest News

GHSA-6jrf-rcjf-245r: changedetection.io path traversal using file URI scheme without supplying hostname