CVE-2024-6959

A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file. If an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering lollms-webui inaccessible. This issue is exacerbated by the lack of Cross-Site Request Forgery (CSRF) protection, enabling remote exploitation. The vulnerability leads to service disruption, resource exhaustion, and extended downtime.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/6394d32e-f35c-418a-95b8-e7254ed0bc8e	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:lollms:lollms_web_ui:9.8:*:*:*:*:*:*:*

History

No history.

Information

Published : 2024-10-13 13:15

Updated : 2024-11-03 17:15

NVD link : CVE-2024-6959

Mitre link : CVE-2024-6959

CVE.ORG link : CVE-2024-6959

JSON object : View

Products Affected

lollms

lollms_web_ui

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2024-6959", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 2.8}]}, "published": "2024-10-13T13:15:10.880", "references": [{"url": "https://huntr.com/bounties/6394d32e-f35c-418a-95b8-e7254ed0bc8e", "tags": ["Exploit", "Third Party Advisory"], "source": "security@huntr.dev"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-352"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file. If an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering lollms-webui inaccessible. This issue is exacerbated by the lack of Cross-Site Request Forgery (CSRF) protection, enabling remote exploitation. The vulnerability leads to service disruption, resource exhaustion, and extended downtime."}, {"lang": "es", "value": "Una vulnerabilidad en la versi\u00f3n 9.8 de parisneo/lollms-webui permite un ataque de denegaci\u00f3n de servicio (DOS) al cargar un archivo de audio. Si un atacante agrega una gran cantidad de caracteres al final de un l\u00edmite de varias partes, el sistema procesar\u00e1 continuamente cada car\u00e1cter, lo que har\u00e1 que lollms-webui sea inaccesible. Este problema se ve agravado por la falta de protecci\u00f3n contra Cross-Site Request Forgery (CSRF), lo que permite la explotaci\u00f3n remota. La vulnerabilidad provoca la interrupci\u00f3n del servicio, el agotamiento de los recursos y un tiempo de inactividad prolongado."}], "lastModified": "2024-11-03T17:15:15.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lollms:lollms_web_ui:9.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9177E7C-9C27-4C3C-AC97-7F277FEEC725"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}