parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the `/open_code_in_vs_code` and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the default folder opener (e.g., File Explorer, xdg-open) multiple times. This can render the host machine unusable by exhausting system resources. The vulnerability is present in the latest version of the software.
History

Mon, 07 Jul 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Lollms
Lollms lollms-webui
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:lollms:lollms-webui:9.1:*:*:*:*:*:*:*
Vendors & Products Lollms
Lollms lollms-webui
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-04-16T00:00:14.761Z

Updated: 2024-08-01T18:40:21.481Z

Reserved: 2024-02-15T20:41:20.252Z

Link: CVE-2024-1569

cve-icon Vulnrichment

Updated: 2024-08-01T18:40:21.481Z

cve-icon NVD

Status : Analyzed

Published: 2024-04-16T00:15:09.060

Modified: 2025-07-07T15:52:34.137

Link: CVE-2024-1569

cve-icon Redhat

No data.