Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2024/06/06 6:19 p.m.17 views

CVE-2024-3102 JSON Injection in mintplex-labs/anything-llm

A JSON Injection vulnerability exists in the mintplex-labs/anything-llm application, specifically within the username parameter during the login process at the /api/request-token endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks...

5.3CVSS7.3AI score0.00453EPSS
Exploits1References2
OSV
OSV
added 2024/06/06 6:19 p.m.16 views

CVE-2024-3102 JSON Injection in mintplex-labs/anything-llm

A JSON Injection vulnerability exists in the mintplex-labs/anything-llm application, specifically within the username parameter during the login process at the /api/request-token endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks...

5.3CVSS6.2AI score0.00453EPSS
Exploits1References4
Cvelist
Cvelist
added 2024/06/06 6:19 p.m.28 views

CVE-2024-3102 JSON Injection in mintplex-labs/anything-llm

A JSON Injection vulnerability exists in the mintplex-labs/anything-llm application, specifically within the username parameter during the login process at the /api/request-token endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks...

5.3CVSS0.00453EPSS
Exploits1References2
CVE
CVE
added 2024/06/06 6:19 p.m.84 views

CVE-2024-3102

CVE-2024-3102 affects mintplex-labs/anything-llm via a JSON Injection in the login flow, specifically the username parameter at /api/request-token. The root cause is improper handling of values, enabling brute-force attempts without prior username knowledge and, once the password is known, blind ...

5.3CVSS5.5AI score0.00453EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder