Описание
lollms vulnerable to dot-dot-slash path traversal in XTTS server
A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in the tts_to_file endpoint.
Пакеты
Наименование
lollms
pip
Затронутые версииВерсия исправления
<= 9.5.1
Отсутствует
Связанные уязвимости
CVSS3: 7.3
nvd
больше 1 года назад
A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in the `tts_to_file` endpoint.