Safety vulnerability ID: 78729
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Affected versions of the lollms package are vulnerable to Path Traversal due to an unauthenticated root folder settings change in the XTTS server. The XTTS server’s configuration endpoint allows modification of the root folder to “/” without authentication, bypassing protective checks in the read file endpoint and enabling directory traversal through both file reading and output directory manipulation. A remote attacker can exploit this by changing the root folder via an unauthenticated request, resulting in arbitrary file access and the ability to write audio files to any location on the system, compromising confidentiality and integrity.
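To make the failure mode concrete, here is an added illustration (not lollms code; the class, endpoints and paths are hypothetical) of why a "stays under the root folder" check is only as strong as the root it measures against: the same check rejects a traversal request while the root is a data directory and accepts it once an unauthenticated settings call moves the root to "/". The hardened setter shows the two controls that close the gap: authentication on the configuration endpoint, and refusing any root outside a fixed base.

```python
# Added illustration, not lollms code: a root-relative path check is only as
# strong as the root it measures against. Names and endpoints are hypothetical.
import tempfile
from pathlib import Path


class AudioFileServer:
    """Hypothetical XTTS-like server: reads/writes files under self.root."""

    def __init__(self, root: str) -> None:
        self.root = Path(root).resolve()

    def is_allowed(self, requested: str) -> bool:
        # Canonicalise, then require the result to stay inside the root folder.
        candidate = (self.root / requested).resolve()
        return candidate == self.root or self.root in candidate.parents


def set_root_unauthenticated(server: AudioFileServer, new_root: str) -> None:
    """Weak config endpoint: any caller can move the root, e.g. to '/'."""
    server.root = Path(new_root).resolve()


def set_root_hardened(server: AudioFileServer, new_root: str,
                      authenticated: bool, allowed_base: str) -> None:
    """Hardened config endpoint: authenticated callers only, and the new root
    must itself stay inside a fixed base directory (so '/' is never accepted)."""
    if not authenticated:
        raise PermissionError("root folder change requires authentication")
    new = Path(new_root).resolve()
    base = Path(allowed_base).resolve()
    if new != base and base not in new.parents:
        raise ValueError(f"{new_root!r} is outside the allowed base {base}")
    server.root = new


def demo() -> dict:
    """Run the weak and hardened variants against a constructed temp root."""
    base = tempfile.mkdtemp()              # constructed stand-in for the data dir
    traversal = "../../../../etc/passwd"   # request that must never resolve
    weak = AudioFileServer(base)
    legit = weak.is_allowed("voices/out.wav")   # True: normal output file
    before = weak.is_allowed(traversal)    # False: check works while root is sane
    set_root_unauthenticated(weak, "/")
    after = weak.is_allowed(traversal)     # True: same check, root is now '/'
    hard = AudioFileServer(base)
    outcomes = {}
    for auth in (False, True):
        try:
            set_root_hardened(hard, "/", authenticated=auth, allowed_base=base)
            outcomes[auth] = "accepted"
        except (PermissionError, ValueError) as exc:
            outcomes[auth] = type(exc).__name__
    return {"legit": legit, "weak_before": before, "weak_after": after,
            "hardened": outcomes, "hardened_still_safe": not hard.is_allowed(traversal)}
```

Calling `demo()` returns the outcome of each step so the bypass and the fix can be compared side by side.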
Latest version: 11.0.0
A python library for AI personality definition