CVE-2024-6394
CVE-2024-6394
Título es
CVE-2024-6394
Lun, 30/09/2024 – 08:15
Tipo
CWE-29
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2024-6394
Descripción en
A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The vulnerability is due to unverified path concatenation in the `serve_js` function in `app.py`, which allows attackers to perform path traversal attacks. This can lead to unauthorized access to arbitrary files on the server, potentially exposing sensitive information such as private SSH keys, configuration files, and source code.
30/09/2024
30/09/2024
Vector CVSS:3.1
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Gravedad 3.1 (CVSS 3.1 Base Score)
7.50
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH
Enviar en el boletín
Off
