Remote Code Execution in create_conda_env function in parisneo/lollms# CVE-2024-3121 - Remote Code Execution (RCE) in `parisneo/lollms`
**Discovered by:** Syed Jan Muhammad Zaidi
**GitHub:** [dark-ninja10](https://github.com/dark-ninja10)
**CVE ID:** CVE-2024-3121
**Repository Affected:** [parisneo/lollms](https://github.com/ParisNeo/lollms)
---
## 🧨 Vulnerability Summary
A **Remote Code Execution (RCE)** vulnerability exists in the `create_conda_env` function of the `lollms` framework. This function constructs a system command using unsanitized input, allowing attackers to inject arbitrary commands and gain code execution on the host.
---
## 🔥 Impact
An attacker with access to the `env_name` input parameter can execute arbitrary OS-level commands. This can result in:
- Complete system compromise
- Unauthorized data access or modification
- Installation of backdoors, malware, or crypto miners
- Lateral movement within the network
---
## 💣 Vulnerable Code
```python
process = subprocess.Popen(f'{conda_path} create --name {env_name} python={python_version} -y', shell=True)
```
Issue: The env_name variable is directly interpolated into a shell command without input validation or escaping, making it susceptible to shell injection.
## 🏷️ References
[CVE-2024-3121 - NVD](https://nvd.nist.gov/vuln/detail/CVE-2024-3121)
[parisneo/lollms](https://github.com/ParisNeo/lollms)
[Full Huntr report](https://huntr.com/bounties/db57c343-9b80-4c1c-9ab0-9eef92c9b27b)
[4.0K] /data/pocs/2366b7eaedd73360dbf5aa773127b34f1fce54b9
├── [ 516] exploit.py
└── [1.4K] README.md
0 directories, 2 files