Lucene search

CVE-2024-4286

🗓️ 26 May 2024 23:21:15Reported by @huntr_aiType

Mintplex-Labs' anything-llm application is vulnerable to improper neutralization of special elements used in an expression language statement, identified in the commit id `57984fa85c31988b2eff429adfc654c46e0c342a`. The vulnerability allows deletion of user threads, denial of access to submitted data, and injection of fake threads for social engineering attack

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 4
NVD	CVE-2024-4286	26 May 202423:15	–	nvd
OSV	CVE-2024-4286	26 May 202423:15	–	osv
Cvelist	CVE-2024-4286 Improper Neutralization of Special Elements in mintplex-labs/anything-llm	26 May 202422:25	–	cvelist
Vulnrichment	CVE-2024-4286 Improper Neutralization of Special Elements in mintplex-labs/anything-llm	26 May 202422:25	–	vulnrichment

Vulners

Node

mintplex-labs mintplex-labs/anything-llmMatch1.0.0

[
  {
    "vendor": "mintplex-labs",
    "product": "mintplex-labs/anything-llm",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "1.0.0",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
github	www.github.com/mintplex-labs/anything-llm/commit/1b35bcbeab10b77e6dbd263cceecf1b965a40789
huntr	www.huntr.com/bounties/a72d2923-297c-455f-af90-715e83b3da2b

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

26 May 2024 23:15Current

5Medium risk

Vulners AI Score5

CVSS34.9

EPSS0.00153

SSVC

CWE-917