The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.
62 vulnerabilities with CWE-29
CVE             Severity  Title                                                  CVSS
CVE-2024-6396   CRITICAL  aimhubio/aim <3.19.3 - RCE                             9.8
CVE-2024-5926   CRITICAL  Stitionai Devika - Denial of Service                   9.1
CVE-2024-6139   HIGH      parisneo/lollms <9.6 - Path Traversal                  7.3
CVE-2024-4841   LOW       Lollms-webui - Path Traversal                          3.3
CVE-2024-5443   CRITICAL  Pypi Lollms < 9.5.1 - Remote Code Execution            9.8
CVE-2024-21518  HIGH      Opencart - Path Traversal                              7.2
CVE-2024-5211   HIGH      Mintplexlabs Anythingllm < 1.0.0 - Denial of Service   7.2
CVE-2024-4320   CRITICAL  Lollms Web UI - Path Traversal                         9.8
CVE-2024-3429   CRITICAL  Lollms < 9.6 - Path Traversal                          9.8
CVE-2024-2928   HIGH      MLflow < 2.11.3 - Path Traversal                       7.5
CVE-2024-2624   CRITICAL  parisneo/lollms-webui - Path Traversal                 9.8
CVE-2024-2360   CRITICAL  Lollms Web UI - Path Traversal                         9.8
CVE-2024-2914   HIGH      deepjavalibrary/djl <0.27.0 - Path Traversal           8.8
CVE-2024-2178   HIGH      parisneo/lollms-webui - Path Traversal                 7.5
CVE-2024-4322   HIGH      Lollms Web UI < 9.8 - Path Traversal                   7.5
CVE-2024-3848   HIGH      Lfprojects Mlflow < 2.12.1 - Path Traversal            7.5
CVE-2024-3435   HIGH      Lollms Web UI < 9.5 - Remote Code Execution            8.4
CVE-2024-2361   CRITICAL  Lollms Web UI < 9.5 - Path Traversal                   9.6
CVE-2024-2358   CRITICAL  Lollms Web UI < 9.5 - Remote Code Execution            9.8
CVE-2024-34470  HIGH      HSC Mailinspector <5.2.18 - Path Traversal             8.6
CVE-2024-3573   CRITICAL  mlflow/mlflow - LFI                                    9.3
CVE-2024-2083   CRITICAL  Zenml < 0.55.5 - Path Traversal                        9.9
CVE-2024-1561   HIGH      gradio-app/gradio - Info Disclosure                    7.5
CVE-2023-6977   HIGH      MLflow < 2.9.2 - Information Disclosure                7.5
CVE-2023-6975   CRITICAL  MLflow <= 2.9.2 - Command Injection                    9.8