parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the `/open_code_in_vs_code` and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the default folder opener (e.g., File Explorer, xdg-open) multiple times. This can render the host machine unusable by exhausting system resources. The vulnerability is present in the latest version of the software.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-04-16T00:00:14.761Z
Updated: 2024-08-01T18:40:21.481Z
Reserved: 2024-02-15T20:41:20.252Z
Link: CVE-2024-1569
Vulnrichment
Updated: 2024-08-01T18:40:21.481Z
NVD
Status : Awaiting Analysis
Published: 2024-04-16T00:15:09.060
Modified: 2024-04-16T13:24:07.103
Link: CVE-2024-1569
Redhat
No data.