parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the `/open_code_in_vs_code` and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the default folder opener (e.g., File Explorer, xdg-open) multiple times. This can render the host machine unusable by exhausting system resources. The vulnerability is present in the latest version of the software.
Metrics
Affected Vendors & Products
References
History
Mon, 07 Jul 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Lollms
Lollms lollms-webui |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:lollms:lollms-webui:9.1:*:*:*:*:*:*:* | |
Vendors & Products |
Lollms
Lollms lollms-webui |
|
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-04-16T00:00:14.761Z
Updated: 2024-08-01T18:40:21.481Z
Reserved: 2024-02-15T20:41:20.252Z
Link: CVE-2024-1569

Updated: 2024-08-01T18:40:21.481Z

Status : Analyzed
Published: 2024-04-16T00:15:09.060
Modified: 2025-07-07T15:52:34.137
Link: CVE-2024-1569

No data.