PT-2024-38010 · Unknown+1 · Lollms-Webui+1

Published 2024-10-11 · Updated 2025-07-03 · CVE-2024-6971

CVSS v3.1: 4.4 (Medium)
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
lollms-webui (affected versions not specified)
lollms (affected versions not specified)
Description
A path traversal issue exists in the lollms_file_system.py file, specifically in the functions add_rag_database, toggle_mount_rag_database, and vectorize_folder. These functions do not apply a guard such as sanitize_path_from_endpoint or sanitize_path to the caller-supplied path, so an attacker can direct vectorize operations at .sqlite files in any directory on the victim's computer. This can trigger the installation of multiple packages and crash the application.
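The guard the advisory describes as missing is a path-confinement check applied before the endpoint touches the filesystem. The following is an added illustration, not code from lollms or lollms-webui: the names sanitize_path, list_sqlite_unsafe and list_sqlite_safe are hypothetical, and the directory tree it builds is constructed sample data. The unsafe function shows the flawed pattern (the caller's folder is used as given); the safe variant resolves the path, follows symlinks, and refuses anything that does not land under an allowed root.

```python
"""Added example: confining a user-supplied folder to an allowed root.

Not lollms project code. sanitize_path, list_sqlite_unsafe and
list_sqlite_safe are hypothetical names chosen for this illustration.
"""
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a caller-supplied path escapes the allowed root."""


def sanitize_path(user_path: str, allowed_root: str) -> Path:
    """Return the resolved target for user_path, or raise if it leaves allowed_root.

    Absolute paths are refused outright. The remaining input is joined to the
    root and fully resolved (symlinks followed) before the containment check,
    so '../x', 'a/../../x' and a symlink inside the root all get caught.
    """
    if Path(user_path).is_absolute():
        raise PathTraversalError(f"absolute path refused: {user_path!r}")
    root = Path(allowed_root).resolve()
    target = (root / user_path).resolve()
    # Component-wise containment: a string prefix test would wrongly accept
    # a sibling such as /srv/data2 when the root is /srv/data.
    if target != root and root not in target.parents:
        raise PathTraversalError(f"{user_path!r} resolves outside {root}")
    return target


def list_sqlite_unsafe(folder: str) -> list[str]:
    """The flawed pattern: the endpoint trusts the caller's folder as-is."""
    return sorted(p.name for p in Path(folder).iterdir() if p.suffix == ".sqlite")


def list_sqlite_safe(folder: str, allowed_root: str) -> list[str]:
    """Same operation, but the folder is confined to allowed_root first."""
    target = sanitize_path(folder, allowed_root)
    return sorted(p.name for p in target.iterdir() if p.suffix == ".sqlite")


def build_fixture() -> tuple[str, str]:
    """Constructed sample tree; returns (allowed_root, directory outside it)."""
    base = Path(tempfile.mkdtemp())
    data = base / "data"        # what the server is meant to expose
    secret = base / "secret"    # any other directory on the host
    (data / "docs").mkdir(parents=True)
    secret.mkdir()
    (data / "docs" / "notes.sqlite").touch()
    (secret / "victim.sqlite").touch()
    try:
        (data / "link").symlink_to(secret)  # symlink inside the root, pointing out
    except OSError:
        pass  # platforms without symlink support simply skip that case
    return str(data), str(secret)


def demo() -> dict[str, object]:
    """Run the safe and unsafe listings against the fixture and report outcomes."""
    root, secret = build_fixture()
    results: dict[str, object] = {
        "safe_docs": list_sqlite_safe("docs", root),       # legitimate request
        "unsafe_secret": list_sqlite_unsafe(secret),       # what the flaw permits
    }
    attempts = {"dotdot": "../secret", "abs": secret}
    if (Path(root) / "link").is_symlink():
        attempts["symlink"] = "link"
    for label, attempt in attempts.items():
        try:
            list_sqlite_safe(attempt, root)
            results[label] = "allowed"
        except PathTraversalError:
            results[label] = "blocked"
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The absolute-path refusal is deliberate: an endpoint that accepts an absolute path and only checks containment afterwards still has to get the check right, whereas refusing absolute input up front removes the whole class of "any directory on the victim's computer" requests the advisory describes.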
Recommendations
For both lollms-webui and lollms, consider disabling the add_rag_database, toggle_mount_rag_database, and vectorize_folder functions until a patch is available. At the time of writing there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2024-6971
GHSA-7PGR-32FX-C6X9

Affected Products

Lollms
Lollms-Webui