LoLLMs (Lord of Large Language Multimodal Systems) Web UI 9.8

CPE Details

LoLLMs (Lord of Large Language Multimodal Systems) Web UI 9.8
lollms
lollms_web_ui
9.8
2024-10-14
11h29 +00:00
2024-10-14
11h29 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:lollms:lollms_web_ui:9.8:*:*:*:*:*:*:*

Informations

Vendor

lollms

Product

lollms_web_ui

Version

9.8

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-6673 2024-10-29 12h50 +00:00 A Cross-Site Request Forgery (CSRF) vulnerability exists in the `install_comfyui` endpoint of the `lollms_comfyui.py` file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID, allowing an attacker to trick a victim into installing ComfyUI. If the victim's device does not have sufficient capacity, this can result in a crash.
6.5
Medium
CVE-2024-6674 2024-10-29 12h46 +00:00 A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. This vulnerability can also enable attackers to perform actions on behalf of a user, such as deleting a project or sending a message. The issue impacts the confidentiality and integrity of the information.
7.1
High
CVE-2024-6959 2024-10-13 12h28 +00:00 A vulnerability in parisneo/lollms-webui version 9.8 allows for a Denial of Service (DOS) attack when uploading an audio file. If an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering lollms-webui inaccessible. This issue is exacerbated by the lack of Cross-Site Request Forgery (CSRF) protection, enabling remote exploitation. The vulnerability leads to service disruption, resource exhaustion, and extended downtime.
7.1
High