Описание
A path traversal vulnerability exists in the install and uninstall API endpoints of parisneo/lollms-webui version V12 (Strawberry). This vulnerability allows attackers to create or delete directories with arbitrary paths on the system. The issue arises due to insufficient sanitization of user-supplied input, which can be exploited to traverse directories outside the intended path.
Уязвимые конфигурации
EPSS
6.7 Medium
CVSS3
9.8 Critical
CVSS3
Дефекты
Связанные уязвимости
A path traversal vulnerability exists in the `install` and `uninstall` API endpoints of parisneo/lollms-webui version V12 (Strawberry). This vulnerability allows attackers to create or delete directories with arbitrary paths on the system. The issue arises due to insufficient sanitization of user-supplied input, which can be exploited to traverse directories outside the intended path.
EPSS
6.7 Medium
CVSS3
9.8 Critical
CVSS3