Описание
A path traversal vulnerability in the /set_personality_config endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the configs/config.yaml file. This can lead to remote code execution by changing server configuration properties such as force_accept_remote_access and turn_on_code_validation.
EPSS
Процентиль: 80%
0.01395
Низкий
7.4 High
CVSS3
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 7.4
github
больше 1 года назад
lollms path traversal vulnerability allows overriding of config.yaml file, leading to RCE
EPSS
Процентиль: 80%
0.01395
Низкий
7.4 High
CVSS3
Дефекты
CWE-22