Total
40 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7962 | 1 Gaizhenbiao | 2 Chuanhuchatgpt, Gaizhenbiao\/chuanhuchatgpt | 2024-11-01 | 7.5 High |
| An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except for the first line, every other line must contain commas. This vulnerability allows reading parts of format-compliant files, including code and log files, which may contain highly sensitive information such as account credentials. | ||||
| CVE-2024-7774 | 2 Langchain, Langchain-ai | 2 Langchain, Langchain-ai\/langchainjs | 2024-10-31 | 9.1 Critical |
| A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The vulnerability is exploited through the `setFileContent`, `getParsedFile`, and `mdelete` methods, which do not properly sanitize user input. | ||||
| CVE-2024-4320 | 1 Lollms | 1 Lollms Web Ui | 2024-10-17 | 9.8 Critical |
| A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the parisneo/lollms-webui application, specifically within the `@router.post("/install_extension")` route handler. The vulnerability arises due to improper handling of the `name` parameter in the `ExtensionBuilder().build_extension()` method, which allows for local file inclusion (LFI) leading to arbitrary code execution. An attacker can exploit this vulnerability by crafting a malicious `name` parameter that causes the server to load and execute a `__init__.py` file from an arbitrary location, such as the upload directory for discussions. This vulnerability affects the latest version of parisneo/lollms-webui and can lead to remote code execution without requiring user interaction, especially when the application is exposed to an external endpoint or operated in headless mode. | ||||
| CVE-2024-2360 | 1 Lollms | 1 Lollms Web Ui | 2024-10-17 | 9.8 Critical |
| parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in the 'Database path' and 'PDF LaTeX path' settings. An attacker can exploit this vulnerability by manipulating these settings to execute arbitrary code on the targeted server. The issue affects the latest version of the software. The vulnerability stems from the application's handling of the 'discussion_db_name' and 'pdf_latex_path' parameters, which do not properly validate file paths, allowing for directory traversal. This vulnerability can also lead to further file exposure and other attack vectors by manipulating the 'discussion_db_name' parameter. | ||||
| CVE-2024-2624 | 1 Lollms | 1 Lollms Web Ui | 2024-10-15 | 9.8 Critical |
| A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the `@router.get("/switch_personal_path")` endpoint in `./lollms-webui/lollms_core/lollms/server/endpoints/lollms_user.py`. The vulnerability arises due to insufficient sanitization of user-supplied input for the `path` parameter, allowing an attacker to specify arbitrary file system paths. This flaw enables direct arbitrary file uploads, leakage of `personal_data`, and overwriting of configurations in `lollms-webui`->`configs` by exploiting the same named directory in `personal_data`. The issue affects the latest version of the application and is fixed in version 9.4. Successful exploitation could lead to sensitive information disclosure, unauthorized file uploads, and potentially remote code execution by overwriting critical configuration files. | ||||
| CVE-2024-2928 | 1 Lfprojects | 1 Mlflow | 2024-10-11 | 7.5 High |
| A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system, including sensitive files like '/etc/passwd'. The vulnerability is a bypass to a previous patch that only addressed similar manipulation within the URI's query string, highlighting the need for comprehensive validation of all parts of a URI to prevent LFI attacks. | ||||
| CVE-2024-6394 | 1 Parisneo | 1 Lollms-webui | 2024-10-01 | N/A |
| A Local File Inclusion vulnerability exists in parisneo/lollms-webui versions below v9.8. The vulnerability is due to unverified path concatenation in the `serve_js` function in `app.py`, which allows attackers to perform path traversal attacks. This can lead to unauthorized access to arbitrary files on the server, potentially exposing sensitive information such as private SSH keys, configuration files, and source code. | ||||
| CVE-2024-2914 | 1 Djl | 1 Deep Java Library | 2024-09-26 | 8.8 High |
| A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in version 0.27.0. This vulnerability allows an attacker to manipulate file paths within tar archives to overwrite arbitrary files on the target system. Exploitation of this vulnerability could lead to remote code execution, privilege escalation, data theft or manipulation, and denial of service. The vulnerability is due to improper validation of file paths during the extraction of tar files, as demonstrated in multiple occurrences within the library's codebase, including but not limited to the files_util.py and extract_imagenet.py scripts. | ||||
| CVE-2024-3429 | 1 Lollms | 1 Lollms | 2024-09-25 | 9.8 Critical |
| A path traversal vulnerability exists in the parisneo/lollms application, specifically within the `sanitize_path_from_endpoint` and `sanitize_path` functions in `lollms_core\lollms\security.py`. This vulnerability allows for arbitrary file reading when the application is running on Windows. The issue arises due to insufficient sanitization of user-supplied input, enabling attackers to bypass the path traversal protection mechanisms by crafting malicious input. Successful exploitation could lead to unauthorized access to sensitive files, information disclosure, and potentially a denial of service (DoS) condition by including numerous large or resource-intensive files. This vulnerability affects the latest version prior to 9.6. | ||||
| CVE-2023-6130 | 1 Salesagility | 1 Suitecrm | 2024-08-30 | 8.8 High |
| Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. | ||||
| CVE-2022-2788 | 1 Emerson | 1 Electric\'s Proficy | 2024-08-03 | 3.9 Low |
| Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering station onto Windows in a way that executes the malicious code. | ||||
| CVE-2023-6977 | 1 Lfprojects | 1 Mlflow | 2024-08-02 | 7.5 High |
| This vulnerability enables malicious users to read sensitive files on the server. | ||||
| CVE-2023-6975 | 1 Lfprojects | 1 Mlflow | 2024-08-02 | 9.8 Critical |
| A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information. | ||||
| CVE-2023-6909 | 1 Lfprojects | 1 Mlflow | 2024-08-02 | 7.5 High |
| Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. | ||||
| CVE-2023-6831 | 1 Lfprojects | 1 Mlflow | 2024-08-02 | 8.1 High |
| Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. | ||||
| CVE-2023-6023 | 1 Vertaai | 1 Modeldb | 2024-08-02 | 7.5 High |
| An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter. | ||||
| CVE-2023-6021 | 1 Ray Project | 1 Ray | 2024-08-02 | 7.5 High |
| LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023 | ||||
| CVE-2023-2984 | 2 Microsoft, Pimcore | 2 Windows, Pimcore | 2024-08-02 | 8.8 High |
| Path Traversal: '\..\filename' in GitHub repository pimcore/pimcore prior to 10.5.22. | ||||
| CVE-2023-2780 | 1 Lfprojects | 1 Mlflow | 2024-08-02 | 9.8 Critical |
| Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1. | ||||
| CVE-2023-1177 | 1 Lfprojects | 1 Mlflow | 2024-08-02 | 9.3 Critical |
| Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. | ||||