CVE-2024-8898
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-8898 is a newly disclosed path traversal vulnerability affecting the `install` and `uninstall` API endpoints in version V12 (named Strawberry) of the parisneo/lollms-webui project. The endpoints do not sufficiently sanitize user-supplied input, so an attacker can manipulate it to create or delete directories at arbitrary paths outside the intended directory structure. Successful exploitation could lead to unauthorized system access, data theft, or denial of service. Users of this software are strongly advised to apply the forthcoming patch or upgrade as soon as possible to mitigate the risk.
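A defensive illustration of the bug class described above, added here and not taken from lollms-webui or its patch: a containment check that resolves a user-supplied name beneath a managed root before any directory is created or deleted. The names `resolve_inside`, `install`, `uninstall`, the `extensions` root and every sample input are assumptions constructed for this example.

```python
import os
import shutil
import tempfile
from pathlib import Path

class PathEscapeError(ValueError):
    """Raised when a requested name resolves outside the managed root."""

def resolve_inside(root: Path, name: str) -> Path:
    """Return the real path of root/name, refusing anything outside root."""
    root_real = root.resolve(strict=True)
    # Join first, then resolve: this collapses "..", lets an absolute name
    # replace the root (so it is caught below), and follows symlinks.
    candidate = (root_real / name).resolve(strict=False)
    # parents excludes the path itself, so the root (name == "") is refused too.
    if root_real not in candidate.parents:
        raise PathEscapeError(f"{name!r} resolves outside {root_real}")
    return candidate

def install(root: Path, name: str) -> Path:
    target = resolve_inside(root, name)
    target.mkdir(parents=True, exist_ok=True)
    return target

def uninstall(root: Path, name: str) -> bool:
    target = resolve_inside(root, name)
    if not target.is_dir():
        return False
    shutil.rmtree(target)
    return True

def demo() -> dict:
    """Run constructed inputs against a throwaway directory tree."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "extensions"
        outside = Path(tmp) / "outside"
        root.mkdir()
        outside.mkdir()
        os.symlink(outside, root / "link")  # symlink that leaves the root
        for name in ["good_pkg", "../outside", str(outside), "link/x", "a/../../outside", ""]:
            try:
                install(root, name)
                results[name] = "created"
            except PathEscapeError:
                results[name] = "rejected"
        results["outside_untouched"] = not any(outside.iterdir())
        results["removed"] = uninstall(root, "good_pkg")
    return results
```

The check and the filesystem operation are separate steps, so the managed root should not be writable by untrusted users who could swap in a symlink between them.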