Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/03/22 1:5 p.m.6 views

CVE-2024-10359

In danny-avila/librechat version v0.7.5-rc2, a vulnerability exists in the preset creation functionality where a user can manipulate the user ID field through mass assignment. This allows an attacker to inject a different user ID into the preset object, causing the preset to appear in the UI of...

4.6CVSS6.8AI score0.00348EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:10 a.m.45 views

CVE-2024-10359

In danny-avila/librechat v0.7.5-rc2, a vulnerability exists in the preset creation functionality where a user can manipulate the user ID field via mass assignment. The root cause is that the backend saves the entire object received without validating attributes/values, allowing an attacker to inj...

4.6CVSS6.8AI score0.00348EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.12 views

CVE-2024-10359 Mass Assignment in Preset Creation Allows User ID Manipulation in danny-avila/librechat

In danny-avila/librechat version v0.7.5-rc2, a vulnerability exists in the preset creation functionality where a user can manipulate the user ID field through mass assignment. This allows an attacker to inject a different user ID into the preset object, causing the preset to appear in the UI of...

4.6CVSS0.00348EPSS
Exploits1References2
OSV
OSV
added 2025/03/20 10:10 a.m.6 views

CVE-2024-10359 Mass Assignment in Preset Creation Allows User ID Manipulation in danny-avila/librechat

In danny-avila/librechat version v0.7.5-rc2, a vulnerability exists in the preset creation functionality where a user can manipulate the user ID field through mass assignment. This allows an attacker to inject a different user ID into the preset object, causing the preset to appear in the UI of...

4.6CVSS6AI score0.00348EPSS
Exploits1References4
Rows per page
Query Builder