Vulnerability Details CVE-2024-0440
Attacker, with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.6%
CVSS Severity
CVSS v3 Score 9.6
References
- https://github.com/mintplex-labs/anything-llm/commit/1563a1b20f72846d617a88510970d0426ab880d3
- https://huntr.com/bounties/263fd7eb-f9a9-4578-9655-0e28c609272f
- https://github.com/mintplex-labs/anything-llm/commit/1563a1b20f72846d617a88510970d0426ab880d3
- https://huntr.com/bounties/263fd7eb-f9a9-4578-9655-0e28c609272f
Products affected by CVE-2024-0440
-
cpe:2.3:a:mintplexlabs:anythingllm:-