LoLLMs (Lord of Large Language Multimodal Systems) Web UI 9.6

CPE Details

LoLLMs (Lord of Large Language Multimodal Systems) Web UI 9.6
lollms
lollms_web_ui
9.6
2024-10-14
11h29 +00:00
2024-10-14
11h29 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:lollms:lollms_web_ui:9.6:*:*:*:*:*:*:*

Informations

Vendor

lollms

Product

lollms_web_ui

Version

9.6

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-6673 2024-10-29 12h50 +00:00 A Cross-Site Request Forgery (CSRF) vulnerability exists in the `install_comfyui` endpoint of the `lollms_comfyui.py` file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID, allowing an attacker to trick a victim into installing ComfyUI. If the victim's device does not have sufficient capacity, this can result in a crash.
6.5
Medium
CVE-2024-6674 2024-10-29 12h46 +00:00 A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other services. This vulnerability can also enable attackers to perform actions on behalf of a user, such as deleting a project or sending a message. The issue impacts the confidentiality and integrity of the information.
7.1
High