Home > Vulnerability Database > CVE-2024-6139

Mend.io Vulnerability Database

CVE-2024-6139

Date: June 27, 2024

A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in the `tts_to_file` endpoint.

Language: Python

Severity Score

7.3

Related Resources (4)

Url: https://github.com/ParisNeo/lollms

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-6139

Url: https://huntr.com/bounties/fd00f112-efd0-40a1-8227-d6733716e4c0

Url: https://www.mend.io/vulnerability-database/CVE-2024-6139

Severity Score

7.3

Weakness Type (CWE)

Path Traversal: '..filename'

CWE-29

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-6139

Date: June 27, 2024

Language: Python

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?