CVE-2024-9597 describes a path traversal vulnerability in the /wipe_database endpoint of the parisneo/lollms project. The endpoint does not adequately validate the key parameter, so a crafted value can steer the deletion at directories outside the intended database location. The advisory lists all versions up to the latest release as affected; at the time of writing no fixed release exists and a fix is expected in a future release. The impact is unauthorized deletion of directories on the host, which is a direct threat to data integrity and availability.
The /wipe_database endpoint in lollms is vulnerable to path traversal because the key parameter is not validated. An attacker sends a request in which key contains traversal sequences such as ../. Because the parameter is joined onto the databases directory without a containment check, the resulting path can resolve anywhere on the filesystem, and the endpoint deletes whatever directory it points to. The blast radius is every directory writable by the account running lollms: if the service runs as root or a broadly privileged user, that includes configuration, other users' data and parts of the operating system. This is a destruction primitive rather than code execution; the consequence is data loss and denial of service, not control of the host.
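The following is an added example, not code from the lollms project, that reconstructs the class of bug described above and its fix in Python. `unsafe_target` shows the naive join the advisory implies (a caller-controlled `key` concatenated onto the databases directory); `safe_target` and `wipe_database` show a hardened version with an allowlist on the key plus a containment check on the resolved path. All function names, the `vectorized_dbs` path and the directory layout built by `demo` are assumptions for illustration.

```python
import re
import shutil
import tempfile
from pathlib import Path

# Hypothetical names: DB_KEY_RE, InvalidKey, unsafe_target, safe_target and
# wipe_database are illustration code, not functions from the lollms project.
DB_KEY_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,127}")


class InvalidKey(ValueError):
    """Raised when a database key is malformed or would escape the databases root."""


def unsafe_target(db_root: Path, key: str) -> Path:
    """The vulnerable pattern: the caller-controlled key is joined to the root
    with no validation, so '../secrets' resolves to a sibling of the root."""
    return (db_root / key).resolve()


def safe_target(db_root: Path, key: str) -> Path:
    """Hardened resolver with two independent layers.
    1. Allowlist the key's syntax: one plain component, no separators, no
       leading dot, so '..', '/etc' and 'a/../b' are rejected before any I/O.
    2. Resolve the final path (following symlinks) and require its parent to be
       the resolved root, so a symlink inside the root that points elsewhere is
       rejected as well.
    """
    if not DB_KEY_RE.fullmatch(key):
        raise InvalidKey(f"malformed database key {key!r}")
    root = db_root.resolve()
    target = (root / key).resolve()
    if target.parent != root:
        raise InvalidKey(f"key {key!r} resolves outside {root}")
    return target


def wipe_database(db_root: Path, key: str) -> bool:
    """Delete one database directory under db_root. Returns True if a directory
    was removed, False if the key named nothing; raises InvalidKey on abuse."""
    target = safe_target(db_root, key)
    if not target.is_dir():
        return False
    shutil.rmtree(target)
    return True


def demo() -> dict:
    """Constructed layout in a temp dir: a databases root holding 'mydb', a
    'secrets' directory next to the root that a traversal would reach, and a
    symlink inside the root pointing at it."""
    base = Path(tempfile.mkdtemp()).resolve()
    db_root = base / "vectorized_dbs"
    (db_root / "mydb").mkdir(parents=True)
    decoy = base / "secrets"
    decoy.mkdir()
    (db_root / "link").symlink_to(decoy)

    results = {}
    # The naive join walks straight out of the root.
    results["unsafe_escapes"] = unsafe_target(db_root, "../secrets") == decoy
    for key in ["../secrets", "/etc", "mydb/../../secrets", "..", "link"]:
        try:
            safe_target(db_root, key)
            results[key] = "allowed"
        except InvalidKey:
            results[key] = "rejected"
    # Legitimate use still works, and the decoy survives the whole exercise.
    results["legit_allowed"] = safe_target(db_root, "mydb") == db_root / "mydb"
    results["wiped_mydb"] = wipe_database(db_root, "mydb")
    results["decoy_intact"] = decoy.is_dir()
    shutil.rmtree(base)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both layers matter: the allowlist stops traversal before any filesystem access, and the containment check after `resolve()` catches a symlink planted inside the root that points outside it, which a string check alone would miss.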
CVE-2024-9597 was publicly disclosed on 2025-03-20. This page rates the probability of exploitation as medium: the EPSS score listed here is low (0.06%, 20th percentile) and no public proof-of-concept had been observed at the time of writing, but the request is trivial to craft, so an exposed instance is a realistic target for opportunistic scanning. The vulnerability has not been added to the CISA KEV catalog.
Any organization running lollms is affected, since no released version is fixed. Risk is highest where the endpoint is reachable from untrusted networks with no authentication in front of it, and where the process runs with broad filesystem permissions. Shared or multi-tenant hosts are especially exposed: an attacker reaching one lollms instance can delete anything its OS account can write, which on a shared server may include other tenants' data.
• python / server:
import requests

# Detection probe as the page describes it: a GET to /wipe_database with a
# traversal payload in the key parameter. On an unpatched server this request
# is destructive (it attempts to delete the target), so run it only against a
# disposable test instance, never against production.
url = 'http://your-lollms-server/wipe_database?key=../../../../etc/passwd'
try:
    response = requests.get(url, timeout=10)
    # A 200 is only an indicator: inspect the response body and the server's
    # filesystem to confirm whether the path was actually acted on.
    if response.status_code == 200:
        print("Potential Path Traversal detected!")
    else:
        print(f"Request returned HTTP {response.status_code}.")
except requests.exceptions.RequestException as e:
    print(f"Error: {e}")

• linux / server:
# Assumes lollms runs as a systemd unit named "lollms"; adjust the unit name.
# Flags requests to the endpoint whose key carries a literal or URL-encoded
# traversal sequence (../, ..\, %2e%2e, double-encoded %252e).
journalctl -u lollms -f | grep -iE 'wipe_database.*(\.\./|\.\.\\|%2e%2e|%252e)'

• generic web:
# Same destructive caveat as above; -i prints the status line and headers
# with the body so the result can be inspected.
curl -sS -i 'http://your-lollms-server/wipe_database?key=../../../../etc/passwd'
EPSS: 0.06% (20th percentile)
The primary mitigation for CVE-2024-9597 is to upgrade to a patched version of lollms as soon as one is released. Until then, apply temporary workarounds. Put a Web Application Firewall or reverse proxy in front of the /wipe_database endpoint and block requests whose key parameter contains path separators or traversal sequences, matching the URL-encoded and double-encoded forms (%2e%2e%2f, %252e) as well as the literal ../ and ..\ variants; better still, restrict the endpoint to authenticated administrators or to localhost. Run the lollms process as a dedicated, low-privilege account so that a successful request can only delete what that account owns, and keep backups of the databases directory. Monitor access logs for traversal sequences in requests to this endpoint and the host for unexpected directory deletions. After upgrading, confirm the fix by sending a controlled request to /wipe_database with a traversal payload against a test instance and verifying that it is rejected; do not run that check against an unpatched production server, because on a vulnerable instance the request is destructive.
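An added example (not from the page or the lollms project) of the log monitoring suggested above, in Python: it scans constructed uvicorn-style access-log lines for requests to /wipe_database whose key, after percent-decoding (including double encoding) and backslash normalisation, is absolute or contains a `..` component. The log format, the sample lines, the client addresses and all function names are assumptions; lollms behind a different server or proxy will need LINE_RE adjusted.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample, not real traffic, in uvicorn's default access-log shape
# (assumed; adjust LINE_RE to your reverse proxy's format if one fronts lollms).
SAMPLE_LOG = """\
INFO:     10.0.0.5:51234 - "GET /wipe_database?key=mydb HTTP/1.1" 200 OK
INFO:     203.0.113.9:40112 - "GET /wipe_database?key=../../../../etc/passwd HTTP/1.1" 500 Internal Server Error
INFO:     203.0.113.9:40113 - "GET /wipe_database?key=..%2F..%2Fhome HTTP/1.1" 200 OK
INFO:     203.0.113.9:40114 - "GET /wipe_database?key=%252e%252e%252fvar HTTP/1.1" 200 OK
INFO:     198.51.100.7:5050 - "GET /wipe_database?key=..\\..\\windows HTTP/1.1" 200 OK
INFO:     10.0.0.6:51300 - "GET /list_databases HTTP/1.1" 200 OK
INFO:     10.0.0.7:51301 - "POST /wipe_database?key=/etc HTTP/1.1" 200 OK
"""

LINE_RE = re.compile(
    r'(?P<ip>\d+(?:\.\d+){3}):\d+ - "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def decode_key(raw: str) -> str:
    """Percent-decode until stable (defeats double encoding such as %252e) and
    fold backslashes to slashes so Windows-style traversal is caught too."""
    value = raw
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def is_traversal(key: str) -> bool:
    """A key is suspicious if it is absolute or any path component is '..'."""
    return key.startswith("/") or ".." in key.split("/")


def scan_log(text: str) -> list:
    """Return one finding per request to /wipe_database whose decoded key
    escapes the databases directory, regardless of the response status:
    a 500 on a traversal attempt is as interesting as a 200."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if url.path != "/wipe_database":
            continue
        # parse_qs already percent-decodes once; decode_key finishes the job.
        for query_key in parse_qs(url.query, keep_blank_values=True).get("key", []):
            key = decode_key(query_key)
            if is_traversal(key):
                findings.append({
                    "ip": m["ip"], "method": m["method"], "status": int(m["status"]),
                    "query_key": query_key, "decoded_key": key,
                })
    return findings


def by_source(findings: list) -> Counter:
    """Count traversal attempts per client address, for alert thresholds."""
    return Counter(f["ip"] for f in findings)


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for h in hits:
        print(f"{h['ip']} {h['method']} status={h['status']} key={h['decoded_key']!r}")
    print(by_source(hits))
```

The same decode-then-check logic is what a WAF rule for the key parameter has to reproduce; a rule that matches only the literal string `../` misses the percent-encoded, double-encoded and backslash forms in the sample.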
Update the parisneo/lollms library to the latest available version as soon as a release containing the fix is published; that resolves the path traversal in the `/wipe_database` endpoint. Make sure user input, especially the `key` parameter, is validated and sanitized so that it cannot be used to manipulate file paths.
CVE-2024-9597 is a path traversal vulnerability in lollms that lets an attacker delete arbitrary directories. It affects all versions up to the latest release and carries a HIGH severity rating.
If you are running any lollms version up to the latest release, you are potentially affected. Assess your exposure and implement mitigations immediately.
The recommended fix is to upgrade to a patched version of lollms once one is published. Until then, restrict access to the endpoint and validate the key parameter.
There is currently no evidence of active exploitation, but the vulnerability's ease of exploitation suggests it may become a target.
Refer to the parisneo/lollms project repository and related security announcements for the official advisory.