Описание
parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the /open_code_in_vs_code and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the default folder opener (e.g., File Explorer, xdg-open) multiple times. This can render the host machine unusable by exhausting system resources. The vulnerability is present in the latest version of the software.
Ссылки
- Patch
- ExploitThird Party Advisory
- Patch
- ExploitThird Party Advisory
Уязвимые конфигурации
EPSS
5.3 Medium
CVSS3
7.5 High
CVSS3
Дефекты
Связанные уязвимости
parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the `/open_code_in_vs_code` and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the default folder opener (e.g., File Explorer, xdg-open) multiple times. This can render the host machine unusable by exhausting system resources. The vulnerability is present in the latest version of the software.
Уязвимость веб-интерфейса LoLLMS WebUI системы для запуска и управления большими языковыми моделями LoLLMS (Lord of Large Language Multimodal Systems), связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.3 Medium
CVSS3
7.5 High
CVSS3