Safety vulnerability ID: 78748
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Affected versions of the lollms package are vulnerable to Path Traversal due to insufficient sanitization of the discussion_db_name parameter by the sanitize_path function. The apply_settings function fails to properly validate the discussion_db_name, allowing specially crafted values containing directory traversal sequences to manipulate file paths. A local attacker can exploit this by invoking apply_settings with a malicious discussion_db_name to write files into sensitive system directories, potentially altering system configuration or disrupting service availability.
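A defensive check for a user-supplied name such as discussion_db_name, as an added example; it is not lollms code and not the project's fix. The names safe_db_dir, plain_join_escapes, NAME_RE and the discussion_databases directory are assumptions made for illustration, and the sample names are constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumed policy: the database name is one path component from a small alphabet.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}")


class UnsafeNameError(ValueError):
    """The supplied name is not a plain component or resolves outside the base."""


def plain_join_escapes(base: Path, name: str) -> bool:
    """Report whether joining without validation would leave `base` (Python 3.9+)."""
    target = (base / name).resolve()
    return not target.is_relative_to(base.resolve())


def safe_db_dir(base: Path, name: str) -> Path:
    """Return base/name only if name is a single component that stays inside base."""
    if not NAME_RE.fullmatch(name):
        raise UnsafeNameError(f"rejected name: {name!r}")
    root = base.resolve()
    target = (root / name).resolve()
    # Defence in depth: catches a symlink inside base that points somewhere else.
    if target.parent != root:
        raise UnsafeNameError(f"{name!r} resolves outside {root}")
    return target


def check_samples() -> dict:
    """Run constructed sample names through the check; True means accepted."""
    samples = ["default", "project_2024", "../../outside", "/abs/elsewhere", "a/../../b", "..", ""]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "discussion_databases"
        base.mkdir()
        for name in samples:
            try:
                safe_db_dir(base, name)
                results[name] = True
            except UnsafeNameError:
                results[name] = False
    return results


if __name__ == "__main__":
    for name, ok in check_samples().items():
        print(f"{name!r:20} {'accepted' if ok else 'rejected'}")
```

The allow-list rejects separators and dots before any path is built; the resolved-parent comparison then covers names that pass the pattern but point elsewhere through a symlink.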
Latest version: 11.0.0
A Python library for AI personality definition