PT-2024-36319 · Parisneo · Lollms

Published

2024-06-22

·

Updated

2024-06-24

·

CVE-2024-5443

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: parisneo/lollms versions prior to 9.5.1
Description: The issue arises from a path traversal vulnerability in the /mount_extension endpoint, where the data.category and data.folder parameters can accept empty strings, leading to inadequate input sanitization. This allows attackers to construct a package path that points to the root directory. If an attacker can create a config.yaml file in a controllable path, this path can be appended to the extensions list and trigger the execution of the `__init__.py` in the current directory, resulting in remote code execution.
Recommendations: For versions prior to 9.5.1, update to version 9.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the /mount_extension endpoint and limiting the ability to create config.yaml files in controllable paths until a patch is applied. Additionally, disabling the ExtensionBuilder().build_extension() function can help mitigate the risk of exploitation.
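As an added example (not lollms's own code), the check below shows why the empty-string case in the description matters and how a mount handler can validate the category and folder parameters before building a package path; the extensions root, the function names and the error type are assumptions.

```python
from pathlib import Path


class InvalidExtensionPath(ValueError):
    """Raised when category/folder do not name a folder inside the extensions root."""


def naive_package_path(extensions_root: str, category: str, folder: str) -> Path:
    """Unchecked joining of the kind the advisory describes (constructed, not lollms's code).

    Path joining silently drops empty components, so category="" and folder=""
    collapse the package path to the extensions root itself.
    """
    return Path(extensions_root) / category / folder


def resolve_extension_path(extensions_root: str, category: str, folder: str) -> Path:
    """Hardened variant: return the extension directory or raise InvalidExtensionPath.

    Rules enforced:
      * neither segment may be empty, so the result can never collapse to the root
      * each segment must be a single folder name: no separators, no '.' or '..'
      * the resolved path must still lie strictly inside extensions_root
    """
    root = Path(extensions_root).resolve()
    for name, value in (("category", category), ("folder", folder)):
        if not value:
            raise InvalidExtensionPath(f"{name} must not be empty")
        if value in (".", "..") or "/" in value or "\\" in value:
            raise InvalidExtensionPath(f"{name} must be a single folder name")
    candidate = (root / category / folder).resolve()
    # Symlinks or tricks that survive the segment checks are caught here:
    # root must be an ancestor of the candidate, never the candidate itself.
    if root not in candidate.parents:
        raise InvalidExtensionPath("package path escapes the extensions root")
    return candidate


def is_valid_extension_path(extensions_root: str, category: str, folder: str) -> bool:
    """Convenience predicate around resolve_extension_path for callers that only need a verdict."""
    try:
        resolve_extension_path(extensions_root, category, folder)
    except InvalidExtensionPath:
        return False
    return True
```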

Fix


Weakness Enumeration

Related Identifiers

CVE-2024-5443
GHSA-MVRM-FH8Q-6WR2

Affected Products

Lollms