← Back to CVE List

CVE-2024-1569

Published: 2024-04-16T00:15Z
Last Modified: 2024-11-21T08:50Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the `/open_code_in_vs_code` and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the default folder opener (e.g., File Explorer, xdg-open) multiple times. This can render the host machine unusable by exhausting system resources. The vulnerability is present in the latest version of the software. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt