CVE-2024-4078 - OpenCVE

A vulnerability in the parisneo/lollms, specifically in the `/unInstall_binding` endpoint, allows for arbitrary code execution due to insufficient sanitization of user input. The issue arises from the lack of path sanitization when handling the `name` parameter in the `unInstall_binding` function, allowing an attacker to traverse directories and execute arbitrary code by loading a malicious `__init__.py` file. This vulnerability affects the latest version of the software. The exploitation of this vulnerability could lead to remote code execution on the system where parisneo/lollms is deployed.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://github.com/parisneo/lollms/commit/7ebe08da7e0026b155af4f7be1d6417bc64cf02f
https://huntr.com/bounties/a55a8c04-df44-49b2-bcfa-2a2b728a299d

History

No history.

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-05-16T09:03:49.562Z

Updated: 2024-08-08T14:40:25.921Z

Reserved: 2024-04-23T14:42:00.879Z

Link: CVE-2024-4078

Vulnrichment

Updated: 2024-08-01T20:33:51.663Z

NVD

Status : Awaiting Analysis

Published: 2024-05-16T09:15:15.313

Modified: 2024-05-16T13:03:05.353

Link: CVE-2024-4078

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4078", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-04-23T14:42:00.879Z", "datePublished": "2024-05-16T09:03:49.562Z", "dateUpdated": "2024-08-08T14:40:25.921Z"}, "containers": {"cna": {"title": "Arbitrary Code Execution in parisneo/lollms", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-05-16T09:03:49.562Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the parisneo/lollms, specifically in the `/unInstall_binding` endpoint, allows for arbitrary code execution due to insufficient sanitization of user input. The issue arises from the lack of path sanitization when handling the `name` parameter in the `unInstall_binding` function, allowing an attacker to traverse directories and execute arbitrary code by loading a malicious `__init__.py` file. This vulnerability affects the latest version of the software. The exploitation of this vulnerability could lead to remote code execution on the system where parisneo/lollms is deployed."}], "affected": [{"vendor": "parisneo", "product": "parisneo/lollms", "versions": [{"version": "unspecified", "lessThan": "main", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/a55a8c04-df44-49b2-bcfa-2a2b728a299d"}, {"url": "https://github.com/parisneo/lollms/commit/7ebe08da7e0026b155af4f7be1d6417bc64cf02f"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", "cweId": "CWE-77"}]}], "source": {"advisory": "a55a8c04-df44-49b2-bcfa-2a2b728a299d", "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:33:51.663Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/a55a8c04-df44-49b2-bcfa-2a2b728a299d", "tags": ["x_transferred"]}, {"url": "https://github.com/parisneo/lollms/commit/7ebe08da7e0026b155af4f7be1d6417bc64cf02f", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "parisneo", "product": "lollms-webui", "cpes": ["cpe:2.3:a:parisneo:lollms-webui:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.4.6", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-05-16T14:55:26.479896Z", "id": "CVE-2024-4078", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-08T14:40:25.921Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-4078", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-04-23T14:42:00.879Z", "datePublished": "2024-05-16T09:03:49.562Z", "dateUpdated": "2024-08-08T14:40:25.921Z"}, "containers": {"cna": {"title": "Arbitrary Code Execution in parisneo/lollms", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-05-16T09:03:49.562Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the parisneo/lollms, specifically in the `/unInstall_binding` endpoint, allows for arbitrary code execution due to insufficient sanitization of user input. The issue arises from the lack of path sanitization when handling the `name` parameter in the `unInstall_binding` function, allowing an attacker to traverse directories and execute arbitrary code by loading a malicious `__init__.py` file. This vulnerability affects the latest version of the software. The exploitation of this vulnerability could lead to remote code execution on the system where parisneo/lollms is deployed."}], "affected": [{"vendor": "parisneo", "product": "parisneo/lollms", "versions": [{"version": "unspecified", "lessThan": "main", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/a55a8c04-df44-49b2-bcfa-2a2b728a299d"}, {"url": "https://github.com/parisneo/lollms/commit/7ebe08da7e0026b155af4f7be1d6417bc64cf02f"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')", "cweId": "CWE-77"}]}], "source": {"advisory": "a55a8c04-df44-49b2-bcfa-2a2b728a299d", "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:33:51.663Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/a55a8c04-df44-49b2-bcfa-2a2b728a299d", "tags": ["x_transferred"]}, {"url": "https://github.com/parisneo/lollms/commit/7ebe08da7e0026b155af4f7be1d6417bc64cf02f", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-4078", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-05-16T14:55:26.479896Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:parisneo:lollms-webui:*:*:*:*:*:*:*:*"], "vendor": "parisneo", "product": "lollms-webui", "versions": [{"status": "affected", "version": "1.4.6"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-16T15:04:38.854Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the parisneo/lollms, specifically in the `/unInstall_binding` endpoint, allows for arbitrary code execution due to insufficient sanitization of user input. The issue arises from the lack of path sanitization when handling the `name` parameter in the `unInstall_binding` function, allowing an attacker to traverse directories and execute arbitrary code by loading a malicious `__init__.py` file. This vulnerability affects the latest version of the software. The exploitation of this vulnerability could lead to remote code execution on the system where parisneo/lollms is deployed."}, {"lang": "es", "value": "Una vulnerabilidad en parisneo/lollms, espec\u00edficamente en el endpoint `/unInstall_binding`, permite la ejecuci\u00f3n de c\u00f3digo arbitrario debido a una sanitizaci\u00f3n insuficiente de la entrada del usuario. El problema surge de la falta de sanitizaci\u00f3n de rutas al manejar el par\u00e1metro `name` en la funci\u00f3n `unInstall_binding`, lo que permite a un atacante atravesar directorios y ejecutar c\u00f3digo arbitrario cargando un archivo `__init__.py` malicioso. Esta vulnerabilidad afecta a la \u00faltima versi\u00f3n del software. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo en el sistema donde est\u00e1 implementado parisneo/lollms."}], "id": "CVE-2024-4078", "lastModified": "2024-05-16T13:03:05.353", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2024-05-16T09:15:15.313", "references": [{"source": "security@huntr.dev", "url": "https://github.com/parisneo/lollms/commit/7ebe08da7e0026b155af4f7be1d6417bc64cf02f"}, {"source": "security@huntr.dev", "url": "https://huntr.com/bounties/a55a8c04-df44-49b2-bcfa-2a2b728a299d"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "security@huntr.dev", "type": "Primary"}]}