What is CVE-2024-3322 — Path Traversal in lollms-webui?

CVE-2024-3322 is a Path Traversal vulnerability in parisneo/lollms-webui versions up to 9.5, allowing attackers to potentially read arbitrary files.

Am I affected by CVE-2024-3322 in lollms-webui?

You are affected if you are using lollms-webui versions 9.5 or earlier. Upgrade to version 9.5 to mitigate the risk.

How do I fix CVE-2024-3322 in lollms-webui?

Upgrade lollms-webui to version 9.5 or later. Consider implementing WAF rules to block suspicious path traversal attempts.

Is CVE-2024-3322 being actively exploited?

As of now, there are no confirmed reports of active exploitation of CVE-2024-3322.

Where can I find the official lollms-webui advisory for CVE-2024-3322?

Refer to the parisneo/lollms-webui project's repository and release notes for the official advisory and update information.

CVE-2024-3322 — Vulnerability Details

NEXTGUARD

Gratis scannen

CVE-2024-3322 — Vulnerability Details | NextGuard

Detectiestappenwordt vertaald…

• linux / server:

find /opt/lollms-webui -name 'processor.py' -print0 | xargs -0 grep -i 'code_folder_path'

• python / supply-chain: Inspect the processor.py file within the lollms-webui/zoos/personalitieszoo/cybersecurity/codeguard/scripts/ directory for the vulnerable process_folder function and lack of proper input sanitization. • generic web: Attempt to access files outside the intended directory using path traversal sequences in the URL (e.g., /zoos/personalitieszoo/cybersecurity/codeguard/../../../../etc/passwd).

Padtraversering in parisneo/lollms-webui

Impact en Aanvalsscenarios

Uitbuitingscontext

Wie Loopt Risicowordt vertaald…

Detectiestappenwordt vertaald…

Aanvalstijdlijn

Dreigingsinformatie

Getroffen Software

Zwakheidsclassificatie (CWE)

Tijdlijn

Mitigatie en Workarounds

Hoe te verhelpenwordt vertaald…

CVE Beveiligingsnieuwsbrief

Veelgestelde vragenwordt vertaald…

What is CVE-2024-3322 — Path Traversal in lollms-webui?

Am I affected by CVE-2024-3322 in lollms-webui?

How do I fix CVE-2024-3322 in lollms-webui?

Is CVE-2024-3322 being actively exploited?

Where can I find the official lollms-webui advisory for CVE-2024-3322?

Is jouw project getroffen?

Detecteer deze CVE in je project