From f2cbec1471f9a8c61c6d373ea49bb12a0904d210 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sat, 30 Mar 2024 19:03:28 +0000
Subject: [PATCH] Auto-Update: 2024-03-30T19:00:37.755072+00:00
---
CVE-2024/CVE-2024-15xx/CVE-2024-1522.json | 59 +++++++++++++++++++++++
README.md | 11 ++---
_state.csv | 5 +-
3 files changed, 67 insertions(+), 8 deletions(-)
create mode 100644 CVE-2024/CVE-2024-15xx/CVE-2024-1522.json
diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1522.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1522.json
new file mode 100644
index 00000000000..3bd2a3f052f
--- /dev/null
+++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1522.json
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-1522", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-03-30T18:15:45.930", + "lastModified": "2024-03-30T18:15:45.930", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "I have activated the CORS because I had a development ui that uses another port number then I forgot to remove it.\n\nSo what I just did is :\n- First removed the cors configuration that allows everyone to access it :\nbefore:\n```python\n sio = socketio.AsyncServer(async_mode=\"asgi\", cors_allowed_origins=\"*\", ping_timeout=1200, ping_interval=30) # Enable CORS for every one\n```\nafter:\n```python\n cert_file_path = lollms_paths.personal_certificates/\"cert.pem\"\n key_file_path = lollms_paths.personal_certificates/\"key.pem\"\n if os.path.exists(cert_file_path) and os.path.exists(key_file_path):\n is_https = True\n else:\n is_https = False \n\n # Create a Socket.IO server\n sio = socketio.AsyncServer(async_mode=\"asgi\", cors_allowed_origins=config.allowed_origins+[f\"https://localhost:{config['port']}\" if is_https else f\"http://localhost:{config['port']}\"], ping_timeout=1200, ping_interval=30) # Enable CORS for selected origins\n```\n\n- Second, I have updated lollms to have two modes (a headless mode and a ui mode).\nAnd updated the /execute_code to block if the server is headless or is exposed\n```python\n@router.post(\"/execute_code\")\nasync def execute_code(request: Request):\n \"\"\"\n Executes Python code and returns the output.\n\n :param request: The HTTP request object.\n :return: A JSON response with the status of the operation.\n \"\"\"\n if lollmsElfServer.config.headless_server_mode:\n return {\"status\":False,\"error\":\"Code execution is blocked when in headless mode for obvious security reasons!\"}\n\n if lollmsElfServer.config.host==\"0.0.0.0\":\n return {\"status\":False,\"error\":\"Code execution is blocked when the server is exposed outside for very obvipous reasons!\"}\n\n try:\n 
data = (await request.json())\n code = data[\"code\"]\n discussion_id = int(data.get(\"discussion_id\",\"unknown_discussion\"))\n message_id = int(data.get(\"message_id\",\"unknown_message\"))\n language = data.get(\"language\",\"python\")\n \n\n\n if language==\"python\":\n ASCIIColors.info(\"Executing python code:\")\n ASCIIColors.yellow(code)\n return execute_python(code, discussion_id, message_id)\n if language==\"javascript\":\n ASCIIColors.info(\"Executing javascript code:\")\n ASCIIColors.yellow(code)\n return execute_javascript(code, discussion_id, message_id)\n if language in [\"html\",\"html5\",\"svg\"]:\n ASCIIColors.info(\"Executing javascript code:\")\n ASCIIColors.yellow(code)\n return execute_html(code, discussion_id, message_id)\n \n elif language==\"latex\":\n ASCIIColors.info(\"Executing latex code:\")\n ASCIIColors.yellow(code)\n return execute_latex(code, discussion_id, message_id)\n elif language in [\"bash\",\"shell\",\"cmd\",\"powershell\"]:\n ASCIIColors.info(\"Executing shell code:\")\n ASCIIColors.yellow(code)\n return execute_bash(code, discussion_id, message_id)\n elif language in [\"mermaid\"]:\n ASCIIColors.info(\"Executing mermaid code:\")\n ASCIIColors.yellow(code)\n return execute_mermaid(code, discussion_id, message_id)\n elif language in [\"graphviz\",\"dot\"]:\n ASCIIColors.info(\"Executing graphviz code:\")\n ASCIIColors.yellow(code)\n return execute_graphviz(code, discussion_id, message_id)\n return {\"status\": False, \"error\": \"Unsupported language\", \"execution_time\": 0}\n except Exception as ex:\n trace_exception(ex)\n lollmsElfServer.error(ex)\n return {\"status\":False,\"error\":str(ex)}\n```\n\nI also added an optional https mode and looking forward to add a full authentication with cookies and a personal session etc.\n\n\nAll updates will be in V 9.1 \n\n\nAgain, thanks alot for your work. 
I will make it harder next time, but if you find more bugs, just be my guest :)" + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/parisneo/lollms-webui/commit/0b51063119cfb5e391925d232a4af1de9dc32e2b", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/687cef92-3432-4d6c-af92-868eccabbb71", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 6c0ac4cc6e1..e033bc1c0bd 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-03-30T15:00:37.901925+00:00 +2024-03-30T19:00:37.755072+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-03-30T14:15:07.720000+00:00 +2024-03-30T18:15:45.930000+00:00 ``` ### Last Data Feed Release 
@@ -33,15 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -243442 +243443 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `1` -- [CVE-2024-3090](CVE-2024/CVE-2024-30xx/CVE-2024-3090.json) (`2024-03-30T13:15:45.663`) -- [CVE-2024-3091](CVE-2024/CVE-2024-30xx/CVE-2024-3091.json) (`2024-03-30T14:15:07.720`) +- [CVE-2024-1522](CVE-2024/CVE-2024-15xx/CVE-2024-1522.json) (`2024-03-30T18:15:45.930`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 1a52312db57..95acab403a6 100644 --- a/_state.csv +++ b/_state.csv @@ -239095,6 +239095,7 @@ CVE-2024-1515,0,0,10b8f7584c1d46b0c128529ff6f70b319305352d97cad9adba528cb892ba5a CVE-2024-1516,0,0,0682d9e420aa946a0984c09969b8a3678dc3bf8e7ee03099492a3120e2d66ebf,2024-02-28T14:06:45.783000 CVE-2024-1519,0,0,c896f4900048f4c20516f0867e21ed67ad610a4383bb1c6f7418db09defb6991,2024-02-29T13:49:29.390000 CVE-2024-1521,0,0,e31c834264512a69616436064a77ed46807a9b0fc5577151a1db5822b2ee5d08,2024-03-27T12:29:30.307000 +CVE-2024-1522,1,1,c8358a8479805993163784de40b139db44de744ef037505028fe892ae3996399,2024-03-30T18:15:45.930000 CVE-2024-1523,0,0,721970163db9a6dae0df03cedd71fdd66f1e0962f7f754fea5cd28f457c2c9b4,2024-02-15T06:23:39.303000 CVE-2024-1525,0,0,fff84c6c726ad730b73a3bd54bd21496a1cae79f6fe36efed68cabad049a1519,2024-03-04T20:14:59.457000 CVE-2024-1527,0,0,8f06fe1c17bff39e91c6d3012913ea5f8070ff383b8a0b61bb88d3bd435f1fdc,2024-03-12T17:46:17.273000 
@@ -243425,8 +243426,8 @@ CVE-2024-3086,0,0,cc5a01ab88ce423f04c8e499fc5c4ae76ca65b66c37b46eb53fe666ff0b26b CVE-2024-3087,0,0,58a2a50b13efdc9006ff609b1b35a4d1f9aa703f618a30d89033d50f7e02b844,2024-03-30T11:15:50.123000 CVE-2024-3088,0,0,75e336a30e6366575c15823fb5c1169d3c04cc034936f7f9923994a537b606f7,2024-03-30T11:15:50.483000 CVE-2024-3089,0,0,d9e6000375bc975d92e9af606a08c79464dd8df87e00cc3a7780d662edd5a1a0,2024-03-30T12:15:07.730000 -CVE-2024-3090,1,1,041a60bb5db48d2385ac7440882bf24387cc4a4c84793d33c53aebe3dee428b4,2024-03-30T13:15:45.663000 -CVE-2024-3091,1,1,9228666915943527bd7b660c37f84937c5d51df8cece4dbce66d12f967ca2b48,2024-03-30T14:15:07.720000 +CVE-2024-3090,0,0,041a60bb5db48d2385ac7440882bf24387cc4a4c84793d33c53aebe3dee428b4,2024-03-30T13:15:45.663000 +CVE-2024-3091,0,0,9228666915943527bd7b660c37f84937c5d51df8cece4dbce66d12f967ca2b48,2024-03-30T14:15:07.720000 CVE-2024-3094,0,0,c8cfb5d8db4948559902213da97949db9e528da393ca65060d5bc6149c3532fa,2024-03-30T11:15:50.713000 CVE-2024-31032,0,0,f6232fe0ef0534ba6d6e20ea0777fd8892cbb87efba42355deb8d8634b00d21e,2024-03-29T17:15:20.993000 CVE-2024-31061,0,0,3a611478260a969dc7c268c913c4f396b21e3b4ebcb9a4cb4b0ae2a352b58da0,2024-03-28T20:53:20.813000