{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50011?format=json","vulnerability_id":"VCID-13n2-acu3-myc6","summary":"A path traversal vulnerability exists in the `apply_settings` function of parisneo/lollms versions prior to 9.5.1. The `sanitize_path` function does not adequately secure the `discussion_db_name` parameter, allowing attackers to manipulate the path and potentially write to important system folders.","aliases":[{"alias":"CVE-2024-6281"}],"fixed_packages":[],"affected_packages":[],"references":[{"reference_url":"https://huntr.com/bounties/0a62f2fb-4e62-4128-9dc4-e8f1d959ac61","reference_id":"0a62f2fb-4e62-4128-9dc4-e8f1d959ac61","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-23T15:08:15Z/"}],"url":"https://huntr.com/bounties/0a62f2fb-4e62-4128-9dc4-e8f1d959ac61"},{"reference_url":"https://github.com/parisneo/lollms/commit/26a3ff35acf152b49e1087d5698ad4864c7b6092","reference_id":"26a3ff35acf152b49e1087d5698ad4864c7b6092","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-23T15:08:15Z/"}],"url":"https://github.com/parisneo/lollms/commit/26a3ff35acf152b49e1087d5698ad4864c7b6092"}],"weaknesses":[{"cwe_id":440,"name":"Expected Behavior Violation","description":"A feature, API, or function does not perform according to its specification."}],"exploits":[],"severity_range_score":"7.3 - 7.3","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-13n2-acu3-myc6"}