cve/2024/CVE-2024-1569.md

### [CVE-2024-1569](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1569)
![](https://img.shields.io/static/v1?label=Product&message=parisneo%2Flollms-webui&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=unspecified%3C%209.2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-400%20Uncontrolled%20Resource%20Consumption&color=brighgreen)

### Description

parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the `/open_code_in_vs_code` and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the default folder opener (e.g., File Explorer, xdg-open) multiple times. This can render the host machine unusable by exhausting system resources. The vulnerability is present in the latest version of the software.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/timothee-chauvin/eyeballvul