CVE-2024-5824: lollms path traversal vulnerability allows overriding of config.yaml file, leading to RCE
(updated )
A path traversal vulnerability in the /set_personality_config
endpoint of parisneo/lollms version 9.4.0 allows an attacker to overwrite the configs/config.yaml
file. This can lead to remote code execution by changing server configuration properties such as force_accept_remote_access
and turn_on_code_validation
.
References
Detect and mitigate CVE-2024-5824 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →