CVSS: 4.2 • EPSS: 0% • CPEs: - • EXPL: 0

A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-community` package, affecting all versions. ... A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. • https://huntr.com/bounties/90b0776d-9fa6-4841-aac4-09fde5918cae https://github.com/langchain-ai/langchain/commit/73c42306745b0831aa6fe7fe4eeb70d2c2d87a82 • CWE-400: Uncontrolled Resource Consumption, CWE-674: Uncontrolled Recursion

CVSS: 9.8 • EPSS: 0% • CPEs: - • EXPL: 0

Successful exploitation could lead to unauthorized access to sensitive files, information disclosure, and potentially a denial of service (DoS) condition by including numerous large or resource-intensive files. • https://github.com/parisneo/lollms/commit/f4424cfc3d6dfb3ad5ac17dd46801efe784933e9 https://huntr.com/bounties/fd8f50c8-17f0-40be-a2c6-bb8d80f7c409 • CWE-29: Path Traversal: '\..\filename'

CVSS: 6.5 • EPSS: 0% • CPEs: - • EXPL: 0

mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DOS) condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents can exploit this vulnerability to cause a DOS condition by manipulating the upload request. • https://github.com/mintplex-labs/anything-llm/commit/b8d37d9f43af2facab4c51146a46229a58cb53d9 https://huntr.com/bounties/7bb08e7b-fd99-411e-99bc-07f81f474635 • CWE-400: Uncontrolled Resource Consumption

CVSS: 8.2 • EPSS: 0% • CPEs: - • EXPL: 0

parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed `/select_database` endpoint in version a9d16b0. ... This flaw enables attackers to create directories anywhere on the system where the application has permissions, potentially leading to denial of service by creating directories with names of critical files, such as HTTPS certificate files, causing server startup failures. • https://huntr.com/bounties/c1cfc0d9-517a-4d0e-bf1c-6444c1fd195d • CWE-749: Exposed Dangerous Method or Function

CVSS: 8.3 • EPSS: 0% • CPEs: - • EXPL: 1

This vulnerability allows attackers to change a victim's profile picture without their consent, potentially leading to a denial of service by overloading the filesystem with files. • https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9 https://github.com/parisneo/lollms-webui/commit/ed085e6effab2b1e25ba2b00366a16ff67d8551b https://huntr.com/bounties/2a37ae0c-890a-401a-8f3c-a261f3006290 • CWE-352: Cross-Site Request Forgery (CSRF)