fkie_cve-2024-8736
Vulnerability from fkie_nvd
Published
2025-03-20 10:15
Modified
2025-04-04 09:15
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
A Denial of Service (DoS) vulnerability exists in multiple file upload endpoints of parisneo/lollms-webui version V12 (Strawberry). The vulnerability can be exploited remotely via Cross-Site Request Forgery (CSRF). Despite CSRF protection preventing file uploads, the application still processes multipart boundaries, leading to resource exhaustion. By appending additional characters to the multipart boundary, an attacker can cause the server to parse each byte of the boundary, ultimately leading to service unavailability. This vulnerability is present in the `/upload_avatar`, `/upload_app`, and `/upload_logo` endpoints.
References
security@huntr.devhttps://huntr.com/bounties/935dbc03-1b43-4dbb-b6cd-1aa95a789d4fExploit
134c704f-9b21-4f2e-91b3-4a467353bcc0https://huntr.com/bounties/935dbc03-1b43-4dbb-b6cd-1aa95a789d4fExploit
Impacted products
Vendor Product Version
lollms lollms_web_ui 12


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:lollms:lollms_web_ui:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "13C2AF1C-0ECA-4677-8686-A1F6F67A5E0B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Denial of Service (DoS) vulnerability exists in multiple file upload endpoints of parisneo/lollms-webui version V12 (Strawberry). The vulnerability can be exploited remotely via Cross-Site Request Forgery (CSRF). Despite CSRF protection preventing file uploads, the application still processes multipart boundaries, leading to resource exhaustion. By appending additional characters to the multipart boundary, an attacker can cause the server to parse each byte of the boundary, ultimately leading to service unavailability. This vulnerability is present in the `/upload_avatar`, `/upload_app`, and `/upload_logo` endpoints."
    },
    {
      "lang": "es",
      "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en varios endpoints de carga de archivos de parisneo/lollms-webui versi\u00f3n V12 (Strawberry). Esta vulnerabilidad puede explotarse remotamente mediante Cross-Site Request Forgery (CSRF). A pesar de que la protecci\u00f3n CSRF impide la carga de archivos, la aplicaci\u00f3n sigue procesando l\u00edmites multiparte, lo que provoca el agotamiento de recursos. Al a\u00f1adir caracteres adicionales al l\u00edmite multiparte, un atacante puede provocar que el servidor analice cada byte del l\u00edmite, lo que en \u00faltima instancia provoca la indisponibilidad del servicio. Esta vulnerabilidad est\u00e1 presente en los endpoints `/upload_avatar`, `/upload_app` y `/upload_logo`."
    }
  ],
  "id": "CVE-2024-8736",
  "lastModified": "2025-04-04T09:15:16.237",
  "metrics": {
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.2,
        "source": "security@huntr.dev",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2025-03-20T10:15:43.720",
  "references": [
    {
      "source": "security@huntr.dev",
      "tags": [
        "Exploit"
      ],
      "url": "https://huntr.com/bounties/935dbc03-1b43-4dbb-b6cd-1aa95a789d4f"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Exploit"
      ],
      "url": "https://huntr.com/bounties/935dbc03-1b43-4dbb-b6cd-1aa95a789d4f"
    }
  ],
  "sourceIdentifier": "security@huntr.dev",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "security@huntr.dev",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.