CVE-2024-4403Cross-Site Request Forgery in Lollms-webui

CWE-352Cross-Site Request Forgery2 documents2 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 82.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Parisneo Lollms-webuiLollms Lollms-webui
Timeline
PublishedJun 10

Description

A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF forms. This issue affects the installation process, including the installation of Binding zoo and Models zoo, by unexpectedly resetting programs. The vulnerability is due to the lack of CSRF protectio

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5parisneo/parisneo_lollms-webuiunspecifiedlatest

🔴Vulnerability Details

1
GHSA
GHSA-8xp7-8ggj-xfq4: A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v92024-06-10