198 matches found
AnythingLLM Security Vulnerability
AnythingLLM is a document chatbot that meets business requirements. AnythingLLM has a security vulnerability that stems from insufficient password checking...
PT-2024-15799 · Unknown · Anything-Llm
Name of the Vulnerable Software and Affected Versions: AnythingLLM affected versions not specified Description: If an instance of AnythingLLM is hosted on an internal network and the attacker is granted a permission level of manager or admin, they could link-scrape internally to resolve IPs of...
AnythingLLM Code Issue Vulnerability
AnythingLLM is a document chatbot that meets business requirements. AnythingLLM has a code issue vulnerability that stems from the presence of a server-side request forgery vulnerability. The vulnerability can be exploited to obtain AWS server data...
AnythingLLM Security Vulnerability
AnythingLLM is a business-compliant document chatbot. A security vulnerability exists in AnythingLLM that originates from a user with default privileges being able to delete documents uploaded by an administrator through certain actions...
AnythingLLM Cross-Site Scripting Vulnerability
AnythingLLM is a document chatbot that meets business requirements. AnythingLLM suffers from a cross-site scripting vulnerability that originates from injecting cross-site scripting into the chat box...
AnythingLLM Security Vulnerability
AnythingLLM is a business-compliant document chatbot. AnythingLLM has a security vulnerability that stems from the lack of any validation and is capable of including malicious links into submitted document links in the workspace...
CVE-2024-0455
CVE-2024-0455 concerns AnythingLLM where a web scraper can trigger a server-side request to the AWS EC2 metadata URL 169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance. If accessed by a user with manager/admin permissions (and in single-user mode) from wit...
CVE-2024-22422
AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit 08d33cfd8 an unauthenticated API route file export can allow attacker to crash the server resulting in a denial of...
Directory traversal
AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit 08d33cfd8 an unauthenticated API route file export can allow attacker to crash the server resulting in a denial of...
CVE-2024-22422
CVE-2024-22422 affects AnythingLLM. The vulnerability is in the public, unauthenticated data-export API route that uses the filename parameter to export files. A crafted input can bypass directory-filtering and crash the server when the export is deleted, yielding an unauthenticated Denial of Ser...
CVE-2024-22422 Unauthenticated Denial of Service (DOS) attack in AnythingLLM
AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit 08d33cfd8 an unauthenticated API route file export can allow attacker to crash the server resulting in a denial of...
CVE-2024-22422 Unauthenticated Denial of Service (DOS) attack in AnythingLLM
AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit 08d33cfd8 an unauthenticated API route file export can allow attacker to crash the server resulting in a denial of...
CVE-2024-22422 Unauthenticated Denial of Service (DOS) attack in AnythingLLM
AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit 08d33cfd8 an unauthenticated API route file export can allow attacker to crash the server resulting in a denial of...
AnythingLLM Code Issue Vulnerability
AnythingLLM is a document chatbot that meets business requirements. A code issue vulnerability exists in AnythingLLM. An attacker exploited the vulnerability to cause a server crash, resulting in a denial of service...
AnythingLLM Access Control Error Vulnerability
AnythingLLM is a document chatbot that meets business requirements. An Access Control Error vulnerability exists in versions prior to AnythingLLM 0.1.0 that stems from incorrect access control...
AnythingLLM Security Vulnerability
AnythingLLM is a business-compliant document chatbot. A security vulnerability exists in versions of AnythingLLM prior to 0.0.1 that stems from the presence of relative path traversal...
AnythingLLM Security Vulnerability
AnythingLLM is a business-compliant document chatbot. A security vulnerability exists in versions of AnythingLLM prior to 0.0.1 that stems from the presence of an authentication bypass...
AnythingLLM SQL Injection Vulnerability
AnythingLLM is a document chatbot that meets business requirements. AnythingLLM versions prior to 0.0.1 suffer from a SQL injection vulnerability that stems from susceptibility to SQL injection attacks...