CVE-2024-1522 Information

Description

I have activated CORS because I had a development UI that uses another port number, and then I forgot to remove it.

So what I just did is:

  • First removed the CORS configuration that allows everyone to access it:

before:

    sio = socketio.AsyncServer(async_mode="asgi", cors_allowed_origins="*", ping_timeout=1200, ping_interval=30)  # Enable CORS for everyone

after:

    cert_file_path = lollms_paths.personal_certificates/

## Reference
[https://huntr.com/bounties/687cef92-3432-4d6c-af92-868eccabbb71](https://huntr.com/bounties/687cef92-3432-4d6c-af92-868eccabbb71)
[https://github.com/parisneo/lollms-webui/commit/0b51063119cfb5e391925d232a4af1de9dc32e2b](https://github.com/parisneo/lollms-webui/commit/0b51063119cfb5e391925d232a4af1de9dc32e2b)
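
An explicit origin allowlist in place of the wildcard `cors_allowed_origins` value described above, with the development UI origin as an opt-in argument so it cannot linger by default. This is an added example, not code from the report or from lollms-webui; the function names, hosts and ports are constructed for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_origin(origin):
    """Return 'scheme://host[:port]' for a plain web origin, else None."""
    if not origin or origin in ("*", "null"):
        return None  # wildcard and opaque origins are never allowlisted
    try:
        parts = urlsplit(origin)
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    if "@" in parts.netloc or parts.path or parts.query or parts.fragment:
        return None  # an Origin value carries scheme, host and port only
    host = parts.hostname.lower()
    if ":" in host:
        host = f"[{host}]"  # restore brackets around an IPv6 literal
    if port is None or port == DEFAULT_PORTS[parts.scheme]:
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"


def build_allowed_origins(server_origin, dev_ui_origin=None):
    """Explicit allowlist: the server's origin plus an opt-in dev UI origin."""
    allowed = []
    for candidate in (server_origin, dev_ui_origin):
        if candidate is None:
            continue
        norm = normalize_origin(candidate)
        if norm is None:
            raise ValueError(f"refusing non-explicit origin: {candidate!r}")
        if norm not in allowed:
            allowed.append(norm)
    return allowed  # a list like this can replace "*" in cors_allowed_origins


def origin_allowed(origin_header, allowed):
    """True only when the request's Origin header is on the allowlist."""
    norm = normalize_origin(origin_header)
    return norm is not None and norm in allowed


if __name__ == "__main__":
    # Constructed values: server on port 9600, no dev UI enabled.
    prod = build_allowed_origins("http://localhost:9600")
    print(prod, origin_allowed("http://evil.example", prod))
```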