Vulnerability Database

296,489

Total vulnerabilities in the database

CVE-2024-6139

A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system and enumerate file paths. The issue arises from improper validation of user-provided file paths in the tts_to_file endpoint.

Published: Jun 27, 2024
Updated: May 4, 2025
CVE: CVE-2024-6139
GHSA: GHSA-w9qf-83jg-2x6c
Severity: High
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWEs:

CWE-29

Affected Software
References

Software	From	Fixed in
lollms	-	9.5.1.x

https://huntr.com/bounties/fd00f112-efd0-40a1-8227-d6733716e4c0

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo