CVE-2024-6394

NONE EPSS 44.0%
Published Sep 30, 20241y ago · Modified Jun 17, 20261w ago
Find Similar
Published Sep 30, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The vulnerability is due to unverified path concatenation in the `serve_js` function in `app.py`, which allows attackers to perform path traversal attacks. This can lead to unauthorized access to arbitrary files on the server, potentially exposing sensitive information such as private SSH keys, configuration files, and source code.

Threat Intelligence

EPSS Exploit Probability
44.0% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-29

Affected Products 1

VendorProductVersionRange
lollmslollms_web_ui9.8any

References 1

  • huntr.com https://huntr.com/bounties/6df4f990-b632-4791-b3ea-f40c9ea905bf
    ExploitIssue TrackingThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.