Vulnerability Details CVE-2024-0763
Any user can delete an arbitrary folder (recursively) on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.9%
CVSS Severity
CVSS v3 Score 8.1
References
- https://github.com/mintplex-labs/anything-llm/commit/8a7324d0e77a15186e1ad5e5119fca4fb224c39c
- https://huntr.com/bounties/25a2f487-5a9c-4c7f-a2d3-b0527db73ea5
- https://github.com/mintplex-labs/anything-llm/commit/8a7324d0e77a15186e1ad5e5119fca4fb224c39c
- https://huntr.com/bounties/25a2f487-5a9c-4c7f-a2d3-b0527db73ea5
Products affected by CVE-2024-0763
-
cpe:2.3:a:mintplexlabs:anythingllm:-
-
cpe:2.3:a:mintplexlabs:anythingllm:0.0.1
-
cpe:2.3:a:mintplexlabs:anythingllm:0.1.0