2 matches found
CVE-2024-12580 Logs Debug Injection in danny-avila/librechat
A vulnerability in danny-avila/librechat prior to version 0.7.6 allows for logs debug injection. The parameters sessionId, fileId, userId, and fileid in the /code/download/:sessionId/:fileId and /download/:userId/:fileid APIs are not validated or filtered, leading to potential log injection...
CVE-2024-12580
This CVE affects danny-avila/librechat prior to version 0.7.6. The vulnerability arises from unvalidated, unfiltered parameters in the code/download/:sessionId/:fileId and /download/:userId/:file_id APIs, enabling potential logs debug injection. Consequences stated include distortion of monitorin...