We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file. If an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering lollms-webui inaccessible. This issue is exacerbated by the lack of Cross-Site Request Forgery (CSRF) protection, enabling remote exploitation. The vulnerability leads to service disruption, resource exhaustion, and extended downtime.
Reserved 2024-07-20 | Published 2024-10-13 | Updated 2024-11-03 | Assigner @huntr_aiCWE-352 Cross-Site Request Forgery (CSRF)
huntr.com/bounties/6394d32e-f35c-418a-95b8-e7254ed0bc8e
Support options