Remote Code Execution in create_conda_env function in parisneo/lollms# CVE-2024-3121 - Remote Code Execution (RCE) in `parisneo/lollms`
**Discovered by:** Syed Jan Muhammad Zaidi
**GitHub:** [dark-ninja10](https://github.com/dark-ninja10)
**CVE ID:** CVE-2024-3121
**Repository Affected:** [parisneo/lollms](https://github.com/ParisNeo/lollms)
---
## 🧨 Vulnerability Summary
A **Remote Code Execution (RCE)** vulnerability exists in the `create_conda_env` function of the `lollms` framework. This function constructs a system command using unsanitized input, allowing attackers to inject arbitrary commands and gain code execution on the host.
---
## 🔥 Impact
An attacker with access to the `env_name` input parameter can execute arbitrary OS-level commands. This can result in:
- Complete system compromise
- Unauthorized data access or modification
- Installation of backdoors, malware, or crypto miners
- Lateral movement within the network
---
## 💣 Vulnerable Code
```python
process = subprocess.Popen(f'{conda_path} create --name {env_name} python={python_version} -y', shell=True)
```
Issue: The env_name variable is directly interpolated into a shell command without input validation or escaping, making it susceptible to shell injection.
## 🏷️ References
[CVE-2024-3121 - NVD](https://nvd.nist.gov/vuln/detail/CVE-2024-3121)
[parisneo/lollms](https://github.com/ParisNeo/lollms)
[Full Huntr report](https://huntr.com/bounties/db57c343-9b80-4c1c-9ab0-9eef92c9b27b)
登录后查看神龙缓存的 POC 文件快照
登录查看