PT-2025-12238 · Unknown · Parisneo/Lollms-Webui

Published: 2025-03-20 · Updated: 2025-03-21 · CVE-2024-8581

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

parisneo/lollms-webui version V12 (Strawberry)

Description

The issue concerns a function named upload app that does not properly filter user input for the filename value, leading to a Path Traversal error. This allows an attacker to delete any file or directory on the system.

Recommendations

For parisneo/lollms-webui version V12 (Strawberry), consider disabling the upload app function until a patch is available to prevent potential exploitation. Restrict access to sensitive files and directories to minimize the risk of deletion.
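The filename filtering the description says is missing can be enforced before any write or delete on a path built from a client-supplied name. The following is an added example, not code from lollms-webui or from this advisory; the function names, the exception class and the single flat upload directory are assumptions made for illustration.

```python
from pathlib import Path


class UnsafeFilename(ValueError):
    """A client-supplied filename that would leave the upload root (hypothetical)."""


def resolve_upload_target(upload_root: str, client_filename: str) -> Path:
    """Map a client-supplied filename to a path directly inside upload_root."""
    if not client_filename or "\x00" in client_filename:
        raise UnsafeFilename("empty filename or NUL byte")
    # Treat both separator styles as separators, whatever the host OS is.
    name = client_filename.replace("\\", "/")
    leaf = name.rsplit("/", 1)[-1]
    # Reject instead of silently stripping: a name with path parts is hostile
    # or a client bug, and either way it should be visible in the logs.
    if leaf != name or leaf in (".", ".."):
        raise UnsafeFilename(f"path components not allowed: {client_filename!r}")
    root = Path(upload_root).resolve()
    target = (root / leaf).resolve()
    # Defence in depth: a symlink inside the root can still point elsewhere.
    if target.parent != root:
        raise UnsafeFilename(f"resolves outside upload root: {client_filename!r}")
    return target


def remove_previous_upload(upload_root: str, client_filename: str) -> bool:
    """Delete an earlier upload with this name; True if a file was removed."""
    target = resolve_upload_target(upload_root, client_filename)
    if target.is_file():
        target.unlink()
        return True
    return False
```

Every filesystem call goes through `resolve_upload_target`, so a rejected name raises before anything is written or removed.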

Exploit

Fix

Path traversal

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2024-8581

Affected Products

Parisneo/Lollms-Webui