CVE-2024-6959
CVSS V2 None
CVSS V3 None
Description
A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file. If an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering lollms-webui inaccessible. This issue is exacerbated by the lack of Cross-Site Request Forgery (CSRF) protection, enabling remote exploitation. The vulnerability leads to service disruption, resource exhaustion, and extended downtime.
Overview
- CVE ID
- CVE-2024-6959
- Assigner
- @huntr_ai
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-10-13T12:28:19.491Z
- Last Modified Date
- 2024-10-13T12:28:19.491Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://huntr.com/bounties/6394d32e-f35c-418a-95b8-e7254ed0bc8e |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-6959 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6959 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-10-14 13:08:09 | Added to TrackCVE |