CVE-2024-7058

Name of the Vulnerable Software and Affected Versions parisneo/lollms-webui versions v10 through latest

Description A vulnerability in the sanitize path function allows an attacker to bypass path sanitization by using relative paths such as './'. This can lead to unauthorized access to directories within the personality folder on the victim's computer.

Recommendations For parisneo/lollms-webui versions v10 through latest, as a temporary workaround, consider disabling the sanitize path function until a patch is available. Restrict access to the personality folder to minimize the risk of exploitation. Avoid using relative paths in the affected function until the issue is resolved.