CVE-2024-1569

Published: Apr 16, 2024

Modified: Aug 1, 2024

PUBLISHED

CVSS v3.0

5.3

MEDIUM

Description

parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the `/open_code_in_vs_code` and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the default folder opener (e.g., File Explorer, xdg-open) multiple times. This can render the host machine unusable by exhausting system resources. The vulnerability is present in the latest version of the software.

Vendor	Product	Versions
parisneo	parisneo/lollms-webui	affected `unspecified - < 9.2`

Weaknesses (CWE)

CWE-400

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

References

https://huntr.com/bounties/369d1694-47e4-49bc-bb35-931ce4a5148e

https://github.com/parisneo/lollms-webui/commit/354cf766835396b7fc0d5105ed3b77572a653149

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-1569

Description

Affected Products

Weaknesses (CWE)

CVSS v3.0 Details

References