3 matches found
CVE-2024-8736 Denial of Service (DoS) via Multipart Boundary in parisneo/lollms-webui
A Denial of Service DoS vulnerability exists in multiple file upload endpoints of parisneo/lollms-webui version V12 Strawberry. The vulnerability can be exploited remotely via Cross-Site Request Forgery CSRF. Despite CSRF protection preventing file uploads, the application still processes multipa...
CVE-2024-8736
CVE-2024-8736 affects parisneo/lollms-webui (V12 Strawberry). The DoS arises from how multipart boundaries are processed in the /upload_avatar, /upload_app, and /upload_logo endpoints despite CSRF protections, causing resource exhaustion and possible service unavailability. Public details describ...
Patch bypass (Insufficient Patch) of CVE-2024-8736 leads to DoS
This report is not public...