VYPR
Unrated severity · NVD Advisory · Published Oct 29, 2024 · Updated Oct 29, 2024

CSRF Vulnerability in parisneo/lollms-webui

CVE-2024-6673

Description

A Cross-Site Request Forgery (CSRF) vulnerability exists in the install_comfyui endpoint of the lollms_comfyui.py file in the parisneo/lollms-webui repository, versions v9.9 to the latest. The endpoint uses the GET method without requiring a client ID, allowing an attacker to trick a victim into installing ComfyUI. If the victim's device does not have sufficient capacity, this can result in a crash.
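
The flaw described above, next to one hardened form, as an added example (a simplified standard-library model, not lollms-webui source code). The handler names, the session store and the sample client ID are assumptions; the page does not state what the project's actual patch looks like.

```python
# Simplified model of the flaw and one fix; not lollms-webui source code.
# Handler names, the session store and the sample client ID are assumptions.
import hmac
import json

ACTIVE_CLIENT_IDS = {"c0ffee-constructed-client-id"}  # constructed sample session
installs = []  # records each time the (simulated) install side effect fires


def _start_install(tag):
    installs.append(tag)  # stand-in for the real download/install work
    return 200, {"status": True}


def install_comfyui_vulnerable(method, body=None):
    """Before: state-changing action on GET, no caller identification."""
    if method != "GET":
        return 405, {"error": "method not allowed"}
    return _start_install("vulnerable")


def _known_client(client_id):
    # Constant-time comparison against every active session identifier.
    return isinstance(client_id, str) and any(
        hmac.compare_digest(client_id.encode(), known.encode())
        for known in ACTIVE_CLIENT_IDS
    )


def install_comfyui_hardened(method, body=None):
    """After: POST only, JSON body must carry a client_id of a live session."""
    if method != "POST":
        return 405, {"error": "method not allowed"}
    try:
        data = json.loads(body or "")
    except (TypeError, ValueError):
        return 400, {"error": "invalid JSON body"}
    if not isinstance(data, dict) or not _known_client(data.get("client_id")):
        return 403, {"error": "unknown or missing client_id"}
    return _start_install("hardened")
```

The hardened handler rejects the request before any install work starts, so a request that arrives without a valid session identifier never reaches the resource-heavy step.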

Affected products

2
  • Lollms/Lollms (llm-fuzzy): 2 versions
    • (no CPE) range: >=9.9
    • (no CPE) range: unspecified
