CVE-2024-6959

NVD Published Date: October 13, 2024 at 01:15 PM
NVD Last Modified: November 03, 2024 at 05:15 PM
Download Patch
Vulnerability ID
CVE-2024-6959
Severity
HIGH
Severity Score
7.1
Summary
A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file. If an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering lollms-webui inaccessible. This issue is exacerbated by the lack of Cross-Site Request Forgery (CSRF) protection, enabling remote exploitation. The vulnerability leads to service disruption, resource exhaustion, and extended downtime.
References
Mitigation and Patches
-
Exploits
Metasploit Payload
-
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
CWE ID
CWE-352

Recent Publish

KB5045993

KB5045998

CVE-2024-8902

CVE-2024-9894

KB5046056

KB5046057

See More ...

See SecOps Solution
in action

Schedule Demo
Agentless security for your infrastructure and applications - to build faster, more securely and in a fraction of the operational cost of other solutions
hello@secopsolution.com
+569-231-213
Compare
Qualys Cloud Agent Tenable Nessus Rapid7 InsightVM
Company
About Us Contact Career
Resources
Blog Sample Reports CVE Windows KB Case Studies eBooks Policy Templates Webinar
Try It
Patch Astra EPSS Calculator Contact Free Scan Schedule Demo Log In
© 2024  SecOps Solution, Inc.| Privacy Policy | Terms and Conditions .
Social Media :