Safety vulnerability ID: 78743
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Affected versions of the lollms package are vulnerable to Path Traversal due to improper validation of user-provided file paths in the tts_to_file endpoint. The `tts_to_file` endpoint in the XTTS server fails to sanitize path components, allowing directory traversal beyond the intended audio output directory. An attacker can exploit this by providing crafted file paths to cause the lollms package to write audio files to arbitrary locations on the host filesystem and to enumerate directory structure, potentially overwriting files or exposing sensitive system paths.
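The defect class described above, shown as an added example that is not lollms code: a naive join of a caller-supplied file name beside a hardened variant that resolves the final path and requires it to stay inside the intended audio output directory. Function names, the constructed file names and the temporary directory are assumptions for illustration.

```python
import os
import tempfile

def unsafe_output_path(output_dir: str, filename: str) -> str:
    """Vulnerable pattern: join the caller-supplied name unchanged.
    '../x.wav' climbs out of output_dir, and an absolute name such as
    '/tmp/x.wav' makes os.path.join discard output_dir entirely."""
    return os.path.join(output_dir, filename)

def safe_output_path(output_dir: str, filename: str) -> str:
    """Hardened pattern: resolve the final path (following symlinks) and
    require it to be a strict descendant of the real output directory."""
    base = os.path.realpath(output_dir)
    candidate = os.path.realpath(os.path.join(base, filename))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:  # different drives on Windows: certainly outside
        inside = False
    if not inside or candidate == base:
        raise ValueError(f"refusing to write outside {base}: {filename!r}")
    return candidate

def accepts(output_dir: str, filename: str) -> bool:
    """True when the hardened check would allow writing `filename`.
    Subdirectories below output_dir are allowed; a stricter policy could
    additionally require a bare basename."""
    try:
        safe_output_path(output_dir, filename)
        return True
    except ValueError:
        return False

def check_examples() -> dict:
    """Run the check against constructed names in a throwaway directory."""
    audio_dir = tempfile.mkdtemp(prefix="audio-")
    names = ["speech.wav", "sub/speech.wav", "../escape.wav",
             "../../../../etc/escape.wav", "/tmp/escape.wav", ""]
    return {name: accepts(audio_dir, name) for name in names}

if __name__ == "__main__":
    for name, ok in check_examples().items():
        print(f"{'accept' if ok else 'reject':6} {name!r}")
```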
Latest version: 11.0.0
A python library for AI personality definition