Platform
python
Component
parisneo/lollms
Fixed in
9.8
CVE-2024-4315 is a critical Local File Inclusion (LFI) vulnerability affecting lollms versions 9.5 and earlier. It allows attackers to read or delete arbitrary files on the host, leading to data compromise and loss of availability. The root cause is inadequate path sanitization in the sanitize_path_from_endpoint function, which does not treat Windows-style backslash separators as path separators, so a traversal sequence written with backslashes is not caught. Upgrade to version 9.8 to address the issue.
The impact of CVE-2024-4315 is greatest on Windows systems, where the backslash is a path separator. An attacker can read sensitive configuration files (which may contain credentials), source code or system files, and can delete files to cause denial-of-service conditions or to damage the installation. The exploitation path through the personalities and /del_preset endpoints is straightforward and within reach of unsophisticated attackers. Arbitrary read and delete do not by themselves give control of the host, but leaked credentials and configuration could support data exfiltration, privilege escalation and persistent access.
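The following is an added example, not lollms project code: a simplified sanitizer that reproduces the class of flaw described above (checking only forward-slash traversal) beside a hardened version, plus a helper that emulates how a Windows host versus a POSIX host would resolve the same backslash payload. The function names (sanitize_vulnerable, sanitize_hardened, escapes_base, rejects) and the sample paths are assumptions made for this illustration and are not the project's API.

```python
"""
Added example, not lollms project code: a simplified sanitizer illustrating the
class of flaw described for CVE-2024-4315.  Names (sanitize_vulnerable,
sanitize_hardened, escapes_base, rejects) and the sample paths are assumptions
made for this illustration; they are not the project's API.
"""
import ntpath
import posixpath
import re

# Constructed sample inputs.
LEGIT = "english/generic/config.yaml"
POSIX_TRAVERSAL = "../../etc/passwd"
WINDOWS_TRAVERSAL = "..\\..\\windows\\win.ini"


def sanitize_vulnerable(user_path: str) -> str:
    """Weak check: only treats '/' as a separator, so '..\\' is never seen
    as a parent-directory component and passes through untouched."""
    if user_path.startswith("/") or ".." in user_path.split("/"):
        raise ValueError("traversal attempt")
    return user_path


def sanitize_hardened(user_path: str) -> str:
    """Normalise both separators before inspecting components, reject absolute
    paths and drive letters, and allow only a conservative character set."""
    normalized = user_path.replace("\\", "/")
    if normalized.startswith("/") or re.match(r"[A-Za-z]:", normalized):
        raise ValueError("absolute path")
    parts = [p for p in normalized.split("/") if p not in ("", ".")]
    if not parts or ".." in parts:
        raise ValueError("traversal attempt")
    if any(not re.fullmatch(r"[A-Za-z0-9._-]+", p) for p in parts):
        raise ValueError("unexpected characters")
    return "/".join(parts)


def escapes_base(flavour: str, base: str, rel: str) -> bool:
    """Emulate how the host OS resolves base/rel (no filesystem access) and
    report whether the result lands outside base.  flavour: 'windows' or 'posix'."""
    mod = ntpath if flavour == "windows" else posixpath
    base_n = mod.normpath(base)
    target = mod.normpath(mod.join(base_n, rel))
    return mod.commonpath([base_n, target]) != base_n


def rejects(sanitizer, value: str) -> bool:
    """True if the sanitizer refuses the value."""
    try:
        sanitizer(value)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    win_base = r"C:\lollms\personalities"
    posix_base = "/opt/lollms/personalities"
    for label, value in (("legit", LEGIT), ("posix", POSIX_TRAVERSAL), ("windows", WINDOWS_TRAVERSAL)):
        print(f"{label:8} vulnerable rejects={rejects(sanitize_vulnerable, value)} "
              f"hardened rejects={rejects(sanitize_hardened, value)}")
    # The same backslash payload escapes the base directory only on Windows:
    # on POSIX the backslashes are ordinary filename characters.
    print("windows host escapes:", escapes_base("windows", win_base, WINDOWS_TRAVERSAL))
    print("posix host escapes:  ", escapes_base("posix", posix_base, WINDOWS_TRAVERSAL))
```

The escapes_base check is the second line of defence worth keeping even after the component check: resolve the final path with the host's own path module and confirm it still sits under the base directory, rather than trusting that every separator variant was anticipated.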
CVE-2024-4315 was publicly disclosed on 2024-06-12. There is no indication of this vulnerability being actively exploited in the wild at this time. No public proof-of-concept (PoC) code has been released, but the vulnerability's nature suggests that a PoC could be developed relatively easily. The vulnerability is not currently listed on the CISA KEV catalog.
Organizations running lollms version 9.5 or earlier, particularly those deploying the application on Windows servers, are at significant risk. Shared hosting environments where multiple users share the same lollms instance are also vulnerable, as an attacker could potentially exploit the vulnerability to access files belonging to other users.
• windows / host:
Get-ChildItem -Path "C:\path\to\lollms\personalities" -Recurse -ErrorAction SilentlyContinue | Where-Object { $_.Name -match '\.\.' }  # list entries whose names carry parent-directory sequences; matching FullName against '\\' is useless because every Windows path contains a backslash
• linux / server:
find /opt/lollms/personalities -type f -print0 | xargs -0 grep -l '\\'  # list personality files containing a literal backslash (a Windows-style path written into a preset); Linux hosts are not themselves subject to the traversal
• generic web:
curl --path-as-is -i 'http://your-lollms-server/personalities/../../../../etc/passwd'  # directory traversal probe; --path-as-is stops curl from collapsing the dot segments before sending. On a Windows host use %5c-encoded separators (e.g. ..%5c..%5cwindows%5cwin.ini) to exercise the described vector; a patched server should answer with an error, not file contents
Disclosure
Exploit status
EPSS
0.90% (76th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-4315 is to upgrade lollms to version 9.8 or later, which includes the necessary path sanitization fixes. If an immediate upgrade is not feasible, consider implementing stricter file access controls and limiting the permissions of the lollms user account. Monitor the personalities and /del_preset endpoints for suspicious activity. While a WAF might offer some protection, it's unlikely to be effective against this type of LFI vulnerability without specific rules tailored to the application's logic. After upgrading, verify the fix by attempting to access files outside the intended directories via the vulnerable endpoints to confirm that directory traversal is prevented.
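As an added example, not code from the page or the lollms project, the monitoring advice above can be turned into a small scanner over web-server access logs: it percent-decodes each request path repeatedly, restricts attention to the personalities and /del_preset endpoints named in this advisory, and flags parent-directory sequences, raw or encoded backslashes, and drive-letter prefixes. The log lines are constructed for the example and the function names (flag_traversal, successful_hits, full_unquote) are assumptions.

```python
"""
Added example, not lollms project code: scan web-server access logs for the
traversal indicators relevant to CVE-2024-4315 (parent-directory sequences,
raw or percent-encoded backslashes, drive-letter prefixes) on requests to the
personality and preset endpoints.  The log lines below are constructed for
the example; the endpoint paths come from the advisory text and the function
names are assumptions.
"""
import re
from urllib.parse import unquote

# Constructed sample, Combined Log Format style.  The second line is the
# Windows-style payload the advisory describes, percent-encoded (%5c = '\').
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jun/2024:10:01:02 +0000] "GET /personalities/english/generic/config.yaml HTTP/1.1" 200 512
10.0.0.9 - - [12/Jun/2024:10:01:09 +0000] "GET /personalities/..%5c..%5cwindows%5cwin.ini HTTP/1.1" 200 92
10.0.0.9 - - [12/Jun/2024:10:01:15 +0000] "POST /del_preset HTTP/1.1" 200 15
10.0.0.7 - - [12/Jun/2024:10:02:00 +0000] "GET /personalities/../../../etc/passwd HTTP/1.1" 404 0
10.0.0.7 - - [12/Jun/2024:10:02:05 +0000] "GET /personalities/%252e%252e%5cwindows HTTP/1.1" 404 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Endpoints named in the advisory as the exploitation path.
WATCHED = ("/personalities", "/del_preset")

# '..' followed by either separator, any raw backslash, or a drive letter
# immediately after a separator (e.g. '/C:\').
TRAVERSAL = re.compile(r'\.\.[\\/]|\\|(?:^|[\\/])[A-Za-z]:[\\/]')


def full_unquote(s: str, rounds: int = 3) -> str:
    """Decode repeatedly so double-encoding (%252e -> %2e -> .) cannot hide a payload."""
    for _ in range(rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def flag_traversal(log_text: str):
    """Return (ip, status, decoded_path) for watched-endpoint requests that
    carry traversal indicators."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        decoded = full_unquote(m["path"])
        if not decoded.startswith(WATCHED):
            continue
        if TRAVERSAL.search(decoded):
            hits.append((m["ip"], m["status"], decoded))
    return hits


def successful_hits(log_text: str):
    """Subset of flagged requests the server answered with 2xx: these are the
    lines that indicate a read actually succeeded and need incident handling."""
    return [h for h in flag_traversal(log_text) if h[1].startswith("2")]


if __name__ == "__main__":
    for ip, status, path in flag_traversal(SAMPLE_LOG):
        print(f"{status} {ip} {path}")
    # Note: /del_preset takes its target in the request body, which an access
    # log does not record; application-level logging is needed for that endpoint.
```

A 404 on a flagged request is reconnaissance; a 2xx is the one to treat as a confirmed read. The scanner only sees the URL, so deletions through /del_preset, whose target travels in the request body, need application-side logging of the submitted preset name to be caught.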
Update the parisneo/lollms library to version 9.8 or later. This version includes a fix for the Local File Inclusion (LFI) vulnerability caused by insufficient path sanitization. Updating prevents the directory traversal attacks against Windows systems described above.
CVE-2024-4315 is a critical Local File Inclusion (LFI) vulnerability in lollms versions 9.5 and earlier that allows attackers to read or delete arbitrary files on Windows systems; it is fixed in version 9.8.
You are affected if you are running lollms version 9.5 or earlier. Upgrade to version 9.8 to mitigate the risk.
Upgrade lollms to version 9.8 or later. Implement stricter file access controls as a temporary workaround.
There is currently no evidence of active exploitation, but the vulnerability's nature makes it a potential target.
Refer to the lollms project's official repository or website for the latest security advisories and updates.