Path Traversal Vulnerability in Parisneo Lollms Package
CVE-2024-6139
Currently unrated
What is CVE-2024-6139?
A path traversal vulnerability is present in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability enables an attacker to write audio files to arbitrary locations within the system and allows file path enumeration. The root cause stems from insufficient validation of user-provided file paths during the interaction with the tts_to_file endpoint, posing significant risks to system integrity and data confidentiality.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.