CVE-2024-6959

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Oct 13, 2024
Updated: Nov 3, 2024
CWE ID 352

Summary

CVE-2024-6959 is a Denial of Service (DoS) vulnerability affecting version 9.8 of parisneo/lollms-webui. An attacker can exploit this issue by appending an excessive number of characters to the end of a multipart boundary in an audio file upload. As a result, the system becomes overwhelmed, causing the web interface to become unresponsive and inaccessible. The absence of Cross-Site Request Forgery (CSRF) protection worsens the situation by enabling remote exploitation. This vulnerability can result in extended downtime due to service disruption and resource exhaustion.
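A pre-parse guard for the malformed-boundary condition described above, as an added example that is not code from lollms-webui or from this advisory. It assumes the raw `Content-Type` header and request body are available before the multipart parser runs; `multipart_violation`, `MAX_BODY_BYTES`, `MAX_PADDING` and the sample requests are hypothetical names and constructed values.

```python
import re

# RFC 2046 section 5.1.1: a boundary is 1 to 70 characters from this set
# and must not end with a space.
_BOUNDARY_RE = re.compile(r"[0-9A-Za-z'()+_,\-./:=? ]{0,69}[0-9A-Za-z'()+_,\-./:=?]")
_PARAM_RE = re.compile(r';\s*boundary=(?:"([^"]*)"|([^;\s]*))', re.IGNORECASE)
MAX_BODY_BYTES = 10 * 1024 * 1024  # assumed upload cap, tune per deployment
MAX_PADDING = 16                   # assumed tolerance for trailing whitespace


def multipart_violation(content_type: str, body: bytes):
    """Return a rejection reason, or None if the request may go to the parser."""
    if not content_type.lower().startswith("multipart/form-data"):
        return "not multipart/form-data"
    m = _PARAM_RE.search(content_type)
    if not m:
        return "missing boundary parameter"
    boundary = m.group(1) if m.group(1) is not None else m.group(2)
    if not _BOUNDARY_RE.fullmatch(boundary):
        return "boundary parameter violates RFC 2046"
    if len(body) > MAX_BODY_BYTES:
        return "body exceeds size cap"
    delim = b"--" + boundary.encode("ascii")
    for line in body.split(b"\r\n"):
        if not line.startswith(delim):
            continue
        rest = line[len(delim):]
        if rest.startswith(b"--"):  # closing delimiter "--boundary--"
            rest = rest[2:]
        # Only short linear-whitespace padding may follow a delimiter.
        # Deliberately strict: content lines that merely begin with the
        # delimiter are rejected as well.
        if len(rest) > MAX_PADDING or rest.strip(b" \t"):
            return "unexpected data after boundary delimiter"
    return None


# Constructed sample requests (not captured traffic).
CT = "multipart/form-data; boundary=----SampleBoundary123"
GOOD = (b"------SampleBoundary123\r\n"
        b'Content-Disposition: form-data; name="file"; filename="a.wav"\r\n'
        b"\r\nRIFF\r\n------SampleBoundary123--\r\n")
BAD = GOOD[:-2] + b"-" * 100_000 + b"\r\n"  # excess characters after the boundary

if __name__ == "__main__":
    print(multipart_violation(CT, GOOD))
    print(multipart_violation(CT, BAD))
```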
