CVE-2024-5443

9.8 CRITICAL

📋 TL;DR

This CVE describes a path traversal vulnerability in parisneo/lollms software that allows remote code execution. Attackers can exploit the /mount_extension endpoint by manipulating data.category and data.folder parameters to escape directory restrictions and execute arbitrary Python code. All users running versions up to 5.9.0 are affected.

💻 Affected Systems

Products:
  • parisneo/lollms
Versions: All versions up to and including 5.9.0
Operating Systems: All platforms running Python
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configuration when the /mount_extension endpoint is accessible.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with attacker gaining complete control over the server, data exfiltration, and lateral movement within the network.

🟠 Likely Case

Remote code execution allowing attackers to run arbitrary commands, install malware, or pivot to other systems.

🟢 If Mitigated

Limited impact with proper input validation and directory restrictions preventing path traversal.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the vulnerable endpoint but no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.8

Vendor Advisory: https://github.com/parisneo/lollms/commit/2d0c4e76be93195836ecd0948027e791b8a2626f

Restart Required: Yes

Instructions:

1. Update to version 9.8 or later using pip install --upgrade lollms
2. Restart the lollms service
3. Verify the patch is applied by checking the version

🔧 Temporary Workarounds

Disable /mount_extension endpoint

all

Block or disable access to the vulnerable endpoint if not required.

# Configure web server/firewall to block /mount_extension

Input validation middleware

all

Add input validation to reject empty strings in data.category and data.folder parameters.

# Implement input validation in application code
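As an added example (not code from the lollms project), the following Python check implements the input-validation workaround above: it rejects empty or path-like data.category / data.folder values and then confirms the resolved directory still sits under an extensions root. The root path and the helper names are assumptions for illustration.

```python
from pathlib import Path

# Assumed layout: extensions live under <root>/<category>/<folder>.
# The root below is a constructed placeholder, not lollms' real setting.
EXTENSIONS_ROOT = Path("/srv/lollms/extensions")


class InvalidMountRequest(ValueError):
    """Raised when data.category or data.folder fails validation."""


def validate_component(value, name: str) -> str:
    # Each parameter must name exactly one directory level, so reject
    # empty strings, '.'/'..', separators and NUL bytes before any I/O.
    if not isinstance(value, str) or value == "":
        raise InvalidMountRequest(f"{name} must be a non-empty string")
    if value in (".", "..") or any(c in value for c in "/\\\x00"):
        raise InvalidMountRequest(f"{name} contains path characters")
    return value


def resolve_extension_path(category, folder, root: Path = EXTENSIONS_ROOT) -> Path:
    """Return the directory to mount, or raise InvalidMountRequest.

    Two layers: syntactic checks on each component, then a containment
    check on the resolved path so nothing outside `root` is ever returned
    even if a future change weakens the syntactic rules.
    """
    category = validate_component(category, "data.category")
    folder = validate_component(folder, "data.folder")
    root = root.resolve()
    candidate = (root / category / folder).resolve()
    try:
        candidate.relative_to(root)  # raises ValueError if not inside root
    except ValueError:
        raise InvalidMountRequest("resolved path escapes the extensions root") from None
    return candidate


def is_safe_mount(category, folder, root: Path = EXTENSIONS_ROOT) -> bool:
    """Boolean form suitable for a request middleware."""
    try:
        resolve_extension_path(category, folder, root)
    except InvalidMountRequest:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample requests: one legitimate, the rest malformed.
    for cat, fld in [("tools", "weather"), ("", "weather"), ("..", "etc"), ("tools", "../../etc")]:
        print(f"category={cat!r} folder={fld!r} -> {'allow' if is_safe_mount(cat, fld) else 'reject'}")
```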

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the lollms service
  • Deploy web application firewall with path traversal protection rules

🔍 How to Verify

Check if Vulnerable:

Check if running lollms version <= 5.9.0 and the /mount_extension endpoint is accessible.

Check Version:

pip show lollms | grep Version

Verify Fix Applied:

Confirm version is 9.8 or higher and test that path traversal attempts are blocked.

📡 Detection & Monitoring

Log Indicators:

  • Requests to /mount_extension with empty or suspicious parameters
  • Unusual file operations in root directories

Network Indicators:

  • HTTP POST requests to /mount_extension with crafted payloads

SIEM Query:

source="web_logs" AND uri="/mount_extension" AND (data.category="" OR data.folder="")
