← Back to CVE List

CVE-2024-8736

Published: 2025-03-20T10:15Z
Last Modified: 2025-04-04T09:15Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
A Denial of Service (DoS) vulnerability exists in multiple file upload endpoints of parisneo/lollms-webui version V12 (Strawberry). The vulnerability can be exploited remotely via Cross-Site Request Forgery (CSRF). Despite CSRF protection preventing file uploads, the application still processes multipart boundaries, leading to resource exhaustion. By appending additional characters to the multipart boundary, an attacker can cause the server to parse each byte of the boundary, ultimately leading to service unavailability. This vulnerability is present in the `/upload_avatar`, `/upload_app`, and `/upload_logo` endpoints. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt