Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Uncontrolled Resource Consumption in parisneo/lollms-webui
Vulnerability Description
parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the `/open_code_in_vs_code` and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the default folder opener (e.g., File Explorer, xdg-open) multiple times. This can render the host machine unusable by exhausting system resources. The vulnerability is present in the latest version of the software.
CVSS Information
N/A
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
LoLLMs 资源管理错误漏洞
Vulnerability Description
LoLLMs是Saifeddine ALOUI个人开发者的一个大型语言多模式系统的 Web UI。 LoLLMs 存在资源管理错误漏洞,该漏洞源于允许攻击者通过发送重复的 HTTP POST 请求来利用 /open_code_in_vs_code 和类似端点,无需进行身份验证,从而多次打开 Visual Studio Code 或默认文件夹打开器,这可能会耗尽系统资源而导致主机无法使用。
CVSS Information
N/A
Vulnerability Type
N/A