CVE-2024-1569

Published: Apr 16, 2024Modified: Jul 7, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the `/open_code_in_vs_code` and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the default folder opener (e.g., File Explorer, xdg-open) multiple times. This can render the host machine unusable by exhausting system resources. The vulnerability is present in the latest version of the software.

Affected (1)

Products: Lollms: Lollms Webui

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Lollms Lollms Webui	Version 9.1

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (4)

https://github.com/parisneo/lollms-webui/commit/354cf766835396b7fc0d5105ed3b77572a653149

Source: security@huntr.dev

Patch

https://huntr.com/bounties/369d1694-47e4-49bc-bb35-931ce4a5148e

Source: security@huntr.dev

ExploitThird Party Advisory

https://github.com/parisneo/lollms-webui/commit/354cf766835396b7fc0d5105ed3b77572a653149

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://huntr.com/bounties/369d1694-47e4-49bc-bb35-931ce4a5148e

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.