CVE-2024-8736

A Denial of Service (DoS) vulnerability exists in multiple file upload endpoints of parisneo/lollms-webui version V12 (Strawberry). The vulnerability can be exploited remotely via Cross-Site Request Forgery (CSRF). Despite CSRF protection preventing file uploads, the application still processes multipart boundaries, leading to resource exhaustion. By appending additional characters to the multipart boundary, an attacker can cause the server to parse each byte of the boundary, ultimately leading to service unavailability. This vulnerability is present in the `/upload_avatar`, `/upload_app`, and `/upload_logo` endpoints.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/935dbc03-1b43-4dbb-b6cd-1aa95a789d4f	Exploit
https://huntr.com/bounties/935dbc03-1b43-4dbb-b6cd-1aa95a789d4f	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:lollms:lollms_web_ui:12:*:*:*:*:*:*:*

History

04 Apr 2025, 09:15

Type	Values Removed	Values Added
CWE	~~CWE-400~~

01 Apr 2025, 20:31

Type	Values Removed	Values Added
References	~~() https://huntr.com/bounties/935dbc03-1b43-4dbb-b6cd-1aa95a789d4f -~~	() https://huntr.com/bounties/935dbc03-1b43-4dbb-b6cd-1aa95a789d4f - Exploit
CVSS	v2 : ~~unknown~~ v3 : ~~7.1~~	v2 : unknown v3 : 6.5
First Time		Lollms lollms Web Ui Lollms
CPE		cpe:2.3:a:lollms:lollms_web_ui:12:::::::*
CWE		CWE-352

20 Mar 2025, 16:15

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de denegación de servicio (DoS) en varios endpoints de carga de archivos de parisneo/lollms-webui versión V12 (Strawberry). Esta vulnerabilidad puede explotarse remotamente mediante Cross-Site Request Forgery (CSRF). A pesar de que la protección CSRF impide la carga de archivos, la aplicación sigue procesando límites multiparte, lo que provoca el agotamiento de recursos. Al añadir caracteres adicionales al límite multiparte, un atacante puede provocar que el servidor analice cada byte del límite, lo que en última instancia provoca la indisponibilidad del servicio. Esta vulnerabilidad está presente en los endpoints `/upload_avatar`, `/upload_app` y `/upload_logo`.
References	~~() https://huntr.com/bounties/935dbc03-1b43-4dbb-b6cd-1aa95a789d4f -~~	() https://huntr.com/bounties/935dbc03-1b43-4dbb-b6cd-1aa95a789d4f -

20 Mar 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-20 10:15

Updated : 2025-04-04 09:15

NVD link : CVE-2024-8736

Mitre link : CVE-2024-8736

CVE.ORG link : CVE-2024-8736

JSON object : View

Products Affected

lollms

lollms_web_ui

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2024-8736", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-03-20T10:15:43.720", "references": [{"url": "https://huntr.com/bounties/935dbc03-1b43-4dbb-b6cd-1aa95a789d4f", "tags": ["Exploit"], "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/935dbc03-1b43-4dbb-b6cd-1aa95a789d4f", "tags": ["Exploit"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-352"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "A Denial of Service (DoS) vulnerability exists in multiple file upload endpoints of parisneo/lollms-webui version V12 (Strawberry). The vulnerability can be exploited remotely via Cross-Site Request Forgery (CSRF). Despite CSRF protection preventing file uploads, the application still processes multipart boundaries, leading to resource exhaustion. By appending additional characters to the multipart boundary, an attacker can cause the server to parse each byte of the boundary, ultimately leading to service unavailability. This vulnerability is present in the `/upload_avatar`, `/upload_app`, and `/upload_logo` endpoints."}, {"lang": "es", "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en varios endpoints de carga de archivos de parisneo/lollms-webui versi\u00f3n V12 (Strawberry). Esta vulnerabilidad puede explotarse remotamente mediante Cross-Site Request Forgery (CSRF). A pesar de que la protecci\u00f3n CSRF impide la carga de archivos, la aplicaci\u00f3n sigue procesando l\u00edmites multiparte, lo que provoca el agotamiento de recursos. Al a\u00f1adir caracteres adicionales al l\u00edmite multiparte, un atacante puede provocar que el servidor analice cada byte del l\u00edmite, lo que en \u00faltima instancia provoca la indisponibilidad del servicio. Esta vulnerabilidad est\u00e1 presente en los endpoints `/upload_avatar`, `/upload_app` y `/upload_logo`."}], "lastModified": "2025-04-04T09:15:16.237", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lollms:lollms_web_ui:12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13C2AF1C-0ECA-4677-8686-A1F6F67A5E0B"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}

6.5 /10