CVE-2024-5443
Path Traversal: '\..\filename' (CWE-29)
Summary
CVE-2024-5443 is a path traversal vulnerability in the parisneo/lollms software, specifically in the ExtensionBuilder().build_extension() function. The /mount_extension endpoint allows attackers to navigate beyond the intended directory structure due to improper input validation of the data.category and data.folder parameters. By creating a config.yaml file in a controlled path, an attacker can execute __init__.py and achieve remote code execution. This vulnerability affects versions up to 5.9.0.
Impact
This vulnerability allows remote attackers to execute arbitrary code on the vulnerable system, leading to complete system compromise. Attackers could steal sensitive data, install malware, disrupt services, or gain persistent control over the system.
Exploitation
There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.
Patch
A patch has been released in version 9.8 to address this vulnerability. Users are strongly recommended to update to the patched version immediately.
Mitigation
If patching is not possible immediately, apply input validation on the data.category and data.folder parameters to prevent path traversal attacks. Monitor for any suspicious activity and restrict access to the vulnerable system as much as possible until it can be patched.
Timeline
NVD published the first details for CVE-2024-5443
Feedly found the first article mentioning CVE-2024-5443. See article
Feedly estimated the CVSS score as HIGH
EPSS Score was set to: 0.04% (Percentile: 9.1%)
A CVSS base score of 9.8 has been assigned.