CVE-2024-5482 — Server-Side Request Forgery in Lollms-webui

CWE-918 — Server-Side Request Forgery2 documents2 sources

Severity

9.8CRITICALNVD

EPSS

0.3%

top 43.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Parisneo Lollms-webui

Timeline

PublishedJun 6

Description

A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version. The vulnerability arises because the application does not adequately validate URLs entered by users, allowing them to input arbitrary URLs, including those that target internal resources such as 'localhost' or '127.0.0.1'. This flaw enables attackers to make unauthorized requests to internal or external systems, potentially leading to acc…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶CVEListV5parisneo/parisneo_lollms-webuiunspecified — latest

🔴Vulnerability Details

GHSA

GHSA-gfw7-f889-5p73: A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest↗2024-06-06

▶