CVE-2024-1569

CVSS V2 None CVSS V3 None

Description

parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the `/open_code_in_vs_code` and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the default folder opener (e.g., File Explorer, xdg-open) multiple times. This can render the host machine unusable by exhausting system resources. The vulnerability is present in the latest version of the software.

Overview

CVE ID
CVE-2024-1569

Assigner
@huntr_ai

Vulnerability Status
PUBLISHED

Published Version
2024-04-16T00:00:14.761Z

Last Modified Date
2024-06-04T18:00:08.316Z

Weakness Enumerations

CWE	URL
CWE-400	http://cwe.mitre.org/data/definitions/400.html

References

Reference URL	Reference Tags
https://huntr.com/bounties/369d1694-47e4-49bc-bb35-931ce4a5148e
https://github.com/parisneo/lollms-webui/commit/354cf766835396b7fc0d5105ed3b77572a653149

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-1569
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1569

History

Created	Old Value	New Value	Data Type	Notes
2024-06-26 06:34:01				Added to TrackCVE