How severe is CVE-2024-3121?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2024-3121?

This is classified as CWE-94, which is a common weakness in software security.

CVE-2024-3121

MEDIUM Year: 2024

CVSS v3 Score

6.8

Medium

Weakness Type

CWE-94

View all →

Vulnerability Description

A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the env_name and python_version parameters. This issue could lead to a serious security breach as demonstrated by the ability to execute the 'whoami' command among potentially other harmful commands.

CVE-2017-3753

MEDIUM

CVSS:6.8(Medium)

A vulnerability has been identified in some Lenovo products that use UEFI (BIOS) code developed by American Megatrends, Inc. (AMI). With this vulnerability, conditions exist where an attacker with adm...

CWE-942017

CVE-2019-8900

MEDIUM

CVSS:6.8(Medium)

A vulnerability in the SecureROM of some Apple devices can be exploited by an unauthenticated local attacker to execute arbitrary code upon booting those devices. This vulnerability allows arbitrary c...

CWE-942019

CVE-2021-3615

MEDIUM

CVSS:6.8(Medium)

A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow code execution if a specific file exists on the attached SD card. This vulnerability is the same as CNVD-2021-45262...

CWE-942021

CVE-2021-38745

MEDIUM

CVSS:6.8(Medium)

Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through ...

CWE-942021

CVE-2022-41223

MEDIUM

CVSS:6.8(Medium)

The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection attack via crafted data due to insufficient restriction...

CWE-942022

CVE-2022-43486

MEDIUM

CVSS:6.8(Medium)

Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command o...

CWE-942022

CVE-2024-3121

Vulnerability Description

Related Vulnerabilities

CVE-2017-3753

CVE-2019-8900

CVE-2021-3615

CVE-2021-38745

CVE-2022-41223

CVE-2022-43486