A path traversal vulnerability exists in the 'cyber_security/codeguard' native personality of parisneo/lollms-webui, affecting versions up to 9.5. The vulnerability arises from the improper limitation of a pathname to a restricted directory in the 'process_folder' function within 'lollms-webui/zoos/personalities_zoo/cyber_security/codeguard/scripts/processor.py'. Specifically, the function fails to properly sanitize user-supplied input for the 'code_folder_path', allowing an attacker to specify arbitrary paths using '../' or absolute paths. This flaw leads to arbitrary file read and overwrite capabilities in specified directories without limitations, posing a significant risk of sensitive information disclosure and unauthorized file manipulation.
Reserved 2024-04-04 | Published 2024-06-06 | Updated 2024-08-01 | Assigner @huntr_ai
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
huntr.com/bounties/e0822362-033a-4a71-b1dc-d803f03bd427
github.com/...ommit/1e17df01e01d4d33599db2afaafe91d90b6f0189
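One way to confine a user-supplied folder path such as 'code_folder_path' to an allowed base directory, shown as an added example that is not code from lollms-webui or its fix commit. The names `resolve_inside`, `PathOutsideBaseError` and `demo`, and the sample directories, are hypothetical and constructed for illustration.

```python
import os
import tempfile
from pathlib import Path


class PathOutsideBaseError(ValueError):
    """The requested folder resolves outside the allowed base directory."""


def resolve_inside(base_dir, user_path):
    """Hypothetical helper: resolve user_path under base_dir or raise.
    Covers '../', absolute paths, and symlinks that point out of base_dir."""
    base = Path(base_dir).resolve(strict=True)
    # An absolute user_path replaces base in the join; the check below rejects it.
    candidate = (base / user_path).resolve(strict=False)
    if candidate != base and base not in candidate.parents:
        raise PathOutsideBaseError(f"{user_path!r} resolves outside {base}")
    return candidate


def demo():
    """Check constructed inputs; returns {label: True if accepted}."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "projects"          # constructed allowed root
        (base / "app" / "src").mkdir(parents=True)
        outside = Path(tmp) / "secrets"        # constructed out-of-scope dir
        outside.mkdir()
        os.symlink(outside, base / "link_out")  # link that escapes the root
        samples = {
            "subfolder": "app/src",
            "dotdot_inside": "app/src/../src",
            "dotdot_escape": "../secrets",
            "nested_escape": "app/../../secrets",
            "absolute": str(outside),
            "symlink_out": "link_out",
        }
        for label, path in samples.items():
            try:
                resolve_inside(base, path)
                results[label] = True
            except PathOutsideBaseError:
                results[label] = False
    return results


if __name__ == "__main__":
    print(demo())
```

Use the returned resolved path for all subsequent file operations rather than the original string.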