Parisneo Lollms-Webui Vulnerability Leads to Denial of Service and Remote Exploitation
CVE-2024-6959
7.1 HIGH
Summary
A Denial of Service (DoS) vulnerability exists in version 9.8 of lollms-webui from Parisneo that can be triggered by uploading an audio file whose multipart boundary has an excessive number of characters appended to it. The server processes the malformed request continuously, making lollms-webui unavailable to users. The absence of Cross-Site Request Forgery (CSRF) protection compounds the issue, allowing attackers to exploit the flaw remotely. The result is significant service disruption and resource depletion, which can lead to prolonged downtime and negatively affect the availability of the service.
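One defensive control that addresses the trigger described above is to validate the multipart boundary against the RFC 2046 limits (1 to 70 characters from a fixed character set, no trailing space) before any body bytes are parsed, so an oversized boundary is rejected in constant time rather than fed to the upload handler. The following is an added example written for this page, not code from lollms-webui; the function names and the oversized sample header are constructed.

```python
import re
from typing import Optional, Tuple

# RFC 2046 section 5.1.1: a boundary is 1 to 70 characters drawn from
# the set below and must not end with a space.
BOUNDARY_MAX_LEN = 70
_BOUNDARY_CHARS = re.compile(r"[0-9A-Za-z'()+_,\-./:=? ]+")


def extract_boundary(content_type: str) -> Optional[str]:
    """Return the boundary parameter of a multipart/form-data Content-Type
    header value, or None if the header is not multipart or lacks one."""
    media_type, _, params = content_type.partition(";")
    if media_type.strip().lower() != "multipart/form-data":
        return None
    for param in params.split(";"):
        name, _, value = param.strip().partition("=")
        if name.strip().lower() == "boundary":
            # Parameter values may be quoted; strip surrounding quotes only.
            return value.strip().strip('"')
    return None


def validate_multipart_boundary(content_type: str) -> Tuple[bool, str]:
    """Decide from the header alone whether a multipart upload should be
    parsed at all. Returns (accepted, reason); call this before reading the
    body so a malformed boundary costs O(header length), not O(body)."""
    boundary = extract_boundary(content_type)
    if boundary is None:
        return False, "not multipart/form-data or boundary missing"
    if not boundary:
        return False, "boundary is empty"
    if len(boundary) > BOUNDARY_MAX_LEN:
        return False, (f"boundary length {len(boundary)} exceeds "
                       f"RFC 2046 limit of {BOUNDARY_MAX_LEN}")
    if not _BOUNDARY_CHARS.fullmatch(boundary) or boundary.endswith(" "):
        return False, "boundary contains characters outside the RFC 2046 set"
    return True, "ok"


if __name__ == "__main__":
    # Constructed headers: one well-formed, one with an oversized boundary.
    good = "multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW"
    oversized = "multipart/form-data; boundary=" + "A" * 5000
    for header in (good, oversized):
        accepted, reason = validate_multipart_boundary(header)
        print(f"{'ACCEPT' if accepted else 'REJECT'}: {reason}")
```

The check belongs in whatever request middleware or upload route the application uses, ahead of the multipart parser, and is independent of the CSRF protection the summary also notes as missing.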
Affected Version(s)
parisneo/lollms-webui <= unspecified
References
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved