
CVE-2024-4084 – SSRF vulnerability in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2024-4084
05 Jun 2024 — A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses starting with 192, 172, 10, and 127 through regular expressions and limit access protocols to HTTP and HTTPS, attackers can still bypass these restrictions using alternative representations of IP addresses and accessing other ports run... • https://huntr.com/bounties/bf44517e-a07d-4f54-89b4-3b05fca2a008 • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2024-22422 – Unauthenticated Denial of Service (DOS) attack in AnythingLLM
https://notcve.org/view.php?id=CVE-2024-22422
19 Jan 2024 — AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit `08d33cfd8`, an unauthenticated API route (file export) can allow an attacker to crash the server, resulting in a denial of service attack. The “data-export” endpoint is used to export files using the filename parameter as user input. The endpoint takes the user input, filters it to avoid directory traversal attacks, fetches the file fro... • https://github.com/Mintplex-Labs/anything-llm/commit/08d33cfd8fc47c5052b6ea29597c964a9da641e2 • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVE-2023-5833 – Improper Access Control in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2023-5833
30 Oct 2023 — Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0. • https://github.com/mintplex-labs/anything-llm/commit/d5b1f84a4c7991987eac3454d4f1b4067841d783 • CWE-284: Improper Access Control •

CVE-2023-5832 – Improper Input Validation in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2023-5832
30 Oct 2023 — Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0. • https://github.com/mintplex-labs/anything-llm/commit/18798c5b640018aaee924e0afd941705d88df92e • CWE-20: Improper Input Validation •

CVE-2023-4897 – Relative Path Traversal in mintplex-labs/anything-llm
https://notcve.org/view.php?id=CVE-2023-4897
11 Sep 2023 — Relative Path Traversal in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. • https://github.com/mintplex-labs/anything-llm/commit/3c88aec034934bcbad30c5ef1cab62cbbdb98e64 • CWE-23: Relative Path Traversal •