How severe is CVE-2024-6982?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.4 out of 10.

What type of vulnerability is CVE-2024-6982?

This is classified as CWE-94, which is a common weakness in software security.

CVE-2024-6982 - HIGH Severity | CVSS 8.4

Vulnerability Description

A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's `eval()` function to evaluate mathematical expressions within a Python sandbox that disables `__builtins__` and only allows functions from the `math` module. This sandbox can be bypassed by loading the `os` module using the `_frozen_importlib.BuiltinImporter` class, allowing an attacker to execute arbitrary commands on the server. The issue is fixed in version 9.10.

Related Vulnerabilities

CVE-2016-7102

HIGH

CVSS:8.4(High)

ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive.

CWE-942016

CVE-2021-3661

HIGH

CVSS:8.4(High)

A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential v...

CWE-942021

CVE-2024-13952

HIGH

CVSS:8.4(High)

Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*...

CWE-942024

CVE-2024-21760

HIGH

CVSS:8.4(High)

An improper control of generation of code ('Code Injection') vulnerability [CWE-94] in FortiSOAR Connector FortiSOAR 7.4 all versions, 7.3 all versions, 7.2 all versions, 7.0 all versions, 6.4 all ver...

CWE-942024

CVE-2024-23727

HIGH

CVSS:8.4(High)

The YI Smart Kami Vision com.kamivision.yismart application through 1.0.0_20231219 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.y...

CWE-942024

CVE-2024-28886

HIGH

CVSS:8.4(High)

OS command injection vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product opens a crafted UTAU project file (.ust file), an arbitrary OS command may be executed.

CWE-942024