CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the `ExtensionBuilder().build_extension()` function. The vulnerability arises from the `/mount_extension` endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory structure. This is facilitated by the `data.category` and `data.folder` parameters accepting empty strings (`""`), which, due to inadequate input sanitization, can lead to the construction of a `package_path` that points to the root directory. Consequently, if an attacker can create a `config.yaml` file in a controllable path, this path can be appended to the `extensions` list and trigger the execution of `__init__.py` in the current directory, leading to remote code execution. The vulnerability affects versions up to 5.9.0, and has been addressed in version 9.8.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published:

Updated: 2024-08-01T21:11:12.805Z

Reserved: 2024-05-28T18:53:00.148Z

Link: CVE-2024-5443

cve-icon Vulnrichment

Updated: 2024-08-01T21:11:12.805Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-06-22T17:15:34.410

Modified: 2024-11-21T09:47:41.690

Link: CVE-2024-5443

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-12T23:05:54Z