lollms (parisneo/lollms), Unauthenticated SocketIO Event Handlers, CVE-2024-XXXXX (Critical)

Listen to this Post

How the CVE Works (Technical Details):

The vulnerability resides in the `add_events` function within lollms_generation_events.py. This function registers critical server-side Socket.IO event handlers—generate_text, cancel_generation, generate_msg, and generate_msg_from—without any authentication or authorization middleware. Consequently, any unauthenticated client connecting to the Socket.IO namespace can emit these events directly to the server. This bypasses intended controls and allows attackers to trigger resource-intensive AI generation tasks, leading to Denial-of-Service (DoS) via resource exhaustion. Furthermore, the server manages operation state through global variables (lollmsElfServer.busy, lollmsElfServer.cancel_gen). An unauthenticated client can set the `cancel_gen` flag, abruptly terminating processes for all users, causing state corruption and race conditions. The absence of access control on these high-impact events and the insecure, global state management in a multi-client WebSocket environment fundamentally compromise service integrity and availability.

dailycve form:

Platform: parisneo/lollms
Version: 5.9.0
Vulnerability: Unauthenticated Socket.IO access
Severity: Critical
date: 2024

Prediction: 2024-05-15

What Undercode Say:

Analytics:

grep -n "add_events|socket.on" lollms_generation_events.py
netstat -tulpn | grep :9600
Example vulnerable pattern in add_events
@socketio.on('generate_text')
def handle_generate(data):
NO AUTH CHECK
lollmsElfServer.busy = True

How Exploit:

python3 -c "import socketio; sio = socketio.Client(); sio.connect('http://target:9600'); sio.emit('cancel_generation', {})"

Protection from this CVE

Implement Socket.IO middleware.

Add authentication decorators.

Use per-session state.

Impact:

Denial of Service.

State Corruption.

Race Conditions.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top