CVE-2024-4315 Overview
parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The sanitize_path_from_endpoint function fails to properly sanitize Windows-style paths (backward slash \), allowing attackers to perform directory traversal attacks on Windows systems. This vulnerability can be exploited through various routes, including personalities and /del_preset, to read or delete any file on the Windows filesystem, compromising the system's availability.
Critical Impact
Unauthenticated remote attackers can read or delete arbitrary files on Windows systems running lollms, potentially leading to complete system compromise, data exfiltration, or denial of service through critical file deletion.
Affected Products
- parisneo/lollms version 9.5
- lollms installations running on Windows systems
- Deployments exposing lollms endpoints without additional access controls
Discovery Timeline
- 2024-06-12 - CVE-2024-4315 published to NVD
- 2025-10-15 - Last updated in NVD database
Technical Details for CVE-2024-4315
Vulnerability Analysis
This Local File Inclusion vulnerability stems from improper input validation in the path sanitization logic of lollms. The application implements a sanitize_path_from_endpoint function intended to prevent directory traversal attacks, but this function contains a critical flaw: it only processes forward slashes (/) for path normalization while ignoring Windows-style backward slashes (\).
On Windows systems, both forward and backward slashes are valid path separators. An attacker can craft malicious requests using backward slashes to bypass the sanitization entirely, enabling traversal sequences like ..\..\..\ to escape the intended directory and access arbitrary files on the filesystem.
The vulnerability affects multiple API endpoints, with confirmed exploitation vectors through the personalities route and the /del_preset endpoint. The former allows arbitrary file reading, while the latter enables file deletion operations—both without requiring authentication.
Root Cause
The root cause is incomplete path sanitization in the sanitize_path_from_endpoint function. The function was designed to prevent directory traversal by normalizing path separators and blocking ../ sequences, but the implementation only accounts for Unix-style forward slash path separators. This creates a bypass condition on Windows operating systems where the native path separator is the backward slash, which passes through the sanitization filter unprocessed.
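To illustrate the root cause, here is an added example (not lollms' own code) with a hypothetical forward-slash-only sanitizer beside a hardened version that normalizes both separators and confirms the resolved path stays under a base directory. The function and directory names are assumptions for the illustration.

```python
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a user-supplied path would leave the allowed directory."""


def sanitize_forward_slash_only(user_path: str) -> str:
    # Hypothetical model of the flawed approach: the filter splits on "/"
    # only, so a Windows-style "..\..\" sequence passes through untouched.
    parts = [p for p in user_path.split("/") if p not in ("", ".", "..")]
    return "/".join(parts)


def sanitize_path(user_path: str, base_dir: str) -> Path:
    # Hardened version: treat "\" and "/" alike, reject absolute and
    # drive-qualified paths and any ".." segment, then resolve the
    # candidate and prove it is still inside base_dir.
    normalized = user_path.replace("\\", "/")
    segments = normalized.split("/")
    if normalized.startswith("/") or ":" in segments[0]:
        raise PathTraversalError("absolute or drive-qualified path rejected")
    if ".." in segments:
        raise PathTraversalError("parent directory reference rejected")
    base = Path(base_dir).resolve()
    candidate = (base / normalized).resolve()
    if candidate != base and base not in candidate.parents:
        raise PathTraversalError("path escapes base directory")
    return candidate


def is_safe(user_path: str, base_dir: str) -> bool:
    """True if sanitize_path accepts user_path under base_dir."""
    try:
        sanitize_path(user_path, base_dir)
    except PathTraversalError:
        return False
    return True
```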
Attack Vector
The attack vector is network-based and requires no authentication or user interaction. An attacker can send specially crafted HTTP requests to vulnerable lollms endpoints containing Windows-style directory traversal sequences.
For file reading attacks, the attacker targets endpoints that return file contents, using paths like ..\..\..\..\windows\system32\config\sam to access sensitive system files. For file deletion attacks, the /del_preset endpoint accepts a path parameter that, when exploited with traversal sequences, can delete arbitrary files including critical system files or application data.
The attack is particularly dangerous because lollms is an AI assistant framework that may run with elevated privileges and handle sensitive configuration files containing API keys and credentials.
Detection Methods for CVE-2024-4315
Indicators of Compromise
- HTTP requests to lollms endpoints containing backward slash directory traversal sequences (..\)
- Unusual file access patterns in Windows security logs from the lollms process
- Requests to /del_preset or personalities endpoints with path parameters containing multiple parent directory references
- Missing or deleted critical system or application files without authorized changes
Detection Strategies
- Implement web application firewall (WAF) rules to detect and block requests containing ..\\ or encoded variants (%5C, %2E%2E%5C)
- Monitor lollms application logs for path parameters with directory traversal indicators
- Deploy endpoint detection and response (EDR) solutions to identify anomalous file access by web application processes
- Enable Windows file auditing on sensitive directories to track unauthorized access attempts
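The following added example (not from the advisory) shows the log-side check these strategies describe: it URL-decodes each request target, including double-encoded forms, and flags traversal sequences written with either separator. The log lines are constructed samples in common log format.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Jun/2024:10:01:02 +0000] "GET /personalities/default/config.yaml HTTP/1.1" 200 512
10.0.0.9 - - [12/Jun/2024:10:01:07 +0000] "GET /personalities/..%5C..%5C..%5Csecret.txt HTTP/1.1" 200 92
10.0.0.9 - - [12/Jun/2024:10:01:09 +0000] "POST /del_preset?name=%252e%252e%255c%252e%252e%255cconfig.yaml HTTP/1.1" 200 15
10.0.0.7 - - [12/Jun/2024:10:01:11 +0000] "GET /del_preset?name=my_preset HTTP/1.1" 200 15
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')
# ".." followed by either separator; rules that only look for "../" miss the "\" form.
TRAVERSAL_RE = re.compile(r"\.\.[\\/]")


def decode_fully(value: str, max_rounds: int = 3) -> str:
    # Decode repeatedly so double-encoded forms such as %252E%252E%255C
    # collapse to "..\" before matching.
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_traversal_requests(log_text: str) -> list:
    """Return (method, decoded target) for each request carrying a traversal sequence."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = decode_fully(match.group("target"))
        if TRAVERSAL_RE.search(target):
            hits.append((match.group("method"), target))
    return hits
```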
Monitoring Recommendations
- Configure security monitoring to alert on HTTP requests containing path traversal patterns targeting lollms endpoints
- Review lollms access logs for unusual patterns of requests to personalities and /del_preset routes
- Implement file integrity monitoring (FIM) on critical system directories to detect unauthorized file deletion
- Monitor the lollms process for file operations outside its expected working directories
How to Mitigate CVE-2024-4315
Immediate Actions Required
- Update lollms to a patched version that addresses this vulnerability
- Restrict network access to lollms endpoints using firewall rules or reverse proxy authentication
- Deploy a WAF with rules to block directory traversal attempts using both forward and backward slashes
- Review file access logs to identify any potential exploitation attempts
Patch Information
A security patch addressing this vulnerability is available via the lollms GitHub commit. The fix modifies the sanitize_path_from_endpoint function to properly normalize both Unix-style forward slashes and Windows-style backward slashes before applying directory traversal protections.
Users should update to the latest version of lollms that includes commit 95ad36eeffc6a6be3e3f35ed35a384d768f0ecf6 or later. Additional details about the vulnerability and its discovery can be found at the Huntr security bounty page.
Workarounds
- Place lollms behind a reverse proxy that normalizes all path separators before forwarding requests
- Implement network segmentation to limit access to lollms endpoints from trusted networks only
- Run lollms with minimal filesystem permissions using a dedicated low-privilege service account
- Temporarily disable the /del_preset endpoint if file deletion functionality is not required
# Example: Restrict access to the lollms service port using iptables (applies to a Linux host running lollms; a Windows host needs the equivalent Windows Defender Firewall inbound rule)
# Allow only trusted IP ranges to access lollms service port
iptables -A INPUT -p tcp --dport 9600 -s 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 9600 -j DROP
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

