36 results (0.003 seconds)

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

09 Aug 2024 — An improper access control vulnerability exists in the mintplex-labs/anything-llm application, specifically within the import endpoint. This vulnerability allows an anonymous attacker, without an account in the application, to import their own database file, leading to the deletion or spoofing of the existing `anythingllm.db` file. By exploiting this vulnerability, attackers can serve malicious data to users or collect information about them. The vulnerability stems from the application's failure to properl... • https://github.com/mintplex-labs/anything-llm/commit/08d33cfd8fc47c5052b6ea29597c964a9da641e2 • CWE-284: Improper Access Control •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

25 Jun 2024 — A vulnerability in mintplex-labs/anything-llm allows for a Denial of Service (DoS) condition due to uncontrolled resource consumption. Specifically, the issue arises from the application's failure to limit the size of usernames, enabling attackers to create users with excessively bulky texts in the username field. This exploit results in the user management panel becoming unresponsive, preventing administrators from performing critical user management actions such as editing, suspending, or deleting users. ... • https://github.com/mintplex-labs/anything-llm/commit/3ef009de73c837f9025df8bba62572885c70c72f • CWE-400: Uncontrolled Resource Consumption •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

20 Jun 2024 — In mintplex-labs/anything-llm versions up to and including 1.5.3, an issue was discovered where the password hash of a user is returned in the response after login (`POST /api/request-token`) and after account creations (`POST /api/admin/users/new`). This exposure occurs because the entire User object, including the bcrypt password hash, is included in the response sent to the frontend. This practice could potentially lead to sensitive information exposure despite the use of bcrypt, a strong hashing algorit... • https://github.com/mintplex-labs/anything-llm/commit/9df4521113ddb9a3adb5d0e3941e7d494992629c • CWE-1230: Exposure of Sensitive Information Through Metadata •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

19 Jun 2024 — An uncontrolled resource consumption vulnerability exists in the `upload-link` endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to shut down by sending an empty body with a 'Content-Length: 0' header or by sending a body with arbitrary content, such as 'asdasdasd', with a 'Content-Length: 9' header. The vulnerability is reproducible by users ... • https://github.com/mintplex-labs/anything-llm/commit/e2439c6d4c3cfdacd96cd1b7b92d1f89c3cc8459 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0

12 Jun 2024 — A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the `normalizePath()` function, intended to defend against path traversal attacks. This vulnerability enables the manager to read, delete, or overwrite the 'anythingllm.db' database file and other files stored in the 'storage' directory, such as internal communication keys and .env secrets. Exploitation of this vulnerability could lead to application compromise, denial of service (DoS) attacks, and unauthorized admin ac... • https://github.com/mintplex-labs/anything-llm/commit/e208074ef4c240fe03e4147ab097ec3b52b97619 • CWE-29: Path Traversal: '\..\filename' •

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 0

06 Jun 2024 — In mintplex-labs/anything-llm, a vulnerability exists in the thread update process that allows users with Default or Manager roles to escalate their privileges to Administrator. The issue arises from improper input validation when handling HTTP POST requests to the endpoint `/workspace/:slug/thread/:threadSlug/update`. Specifically, the application fails to validate or check user input before passing it to the `workspace_thread` Prisma model for execution. This oversight allows attackers to craft a Prisma r... • https://github.com/mintplex-labs/anything-llm/commit/200bd7f0615347ed2efc07903d510e5a208b0afc • CWE-20: Improper Input Validation CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 2

06 Jun 2024 — A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded links through an internal Collector API using a headless browser. An attacker can exploit this by hosting a malicious website and using it to perform actions such as internal port scanning, accessing internal web applications not exposed externally, and interacting with the Collector API. This interaction can lead... • https://github.com/HugoBond/CVE-2024-31497-POC • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

06 Jun 2024 — mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DOS) condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents can exploit this vulnerability to cause a DOS condition by manipulating the upload request. mintplex-labs/anything-llm se ve afectado por una vulnerabilidad de consumo de recursos incontrolado en su endpoint de ca... • https://github.com/mintplex-labs/anything-llm/commit/b8d37d9f43af2facab4c51146a46229a58cb53d9 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

06 Jun 2024 — A JSON Injection vulnerability exists in the `mintplex-labs/anything-llm` application, specifically within the username parameter during the login process at the `/api/request-token` endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks without prior knowledge of the username. Once the password is known, attackers can conduct blind attacks to ascertain the full username, significantly compromising system security. Existe una vulnerabilidad de ... • https://github.com/mintplex-labs/anything-llm/commit/2374939ffb551ab2929d7f9d5827fe6597fa8caa • CWE-229: Improper Handling of Values CWE-307: Improper Restriction of Excessive Authentication Attempts •

CVSS: 9.6EPSS: 1%CPEs: 1EXPL: 0

06 Jun 2024 — A remote code execution vulnerability exists in mintplex-labs/anything-llm due to improper handling of environment variables. Attackers can exploit this vulnerability by injecting arbitrary environment variables via the `POST /api/system/update-env` endpoint, which allows for the execution of arbitrary code on the host running anything-llm. The vulnerability is present in the latest version of anything-llm, with the latest commit identified as fde905aac1812b84066ff72e5f2f90b56d4c3a59. This issue has been fi... • https://github.com/mintplex-labs/anything-llm/commit/bfedfebfab032e6f4d5a369c8a2f947c5d0c5286 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •