5 matches found
PT-2024-24131 · Mintplex · Anything-Llm
Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm (affected versions not specified)
Description: The issue is related to an uncontrolled resource consumption vulnerability in the upload file endpoint, which can lead to a denial of service (DoS) condition. Specifically,...
CVE-2024-4084
A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of mintplex-labs/anything-llm, allowing attackers to bypass the official fix intended to restrict access to intranet IP addresses and protocols. Despite efforts to filter out intranet IP addresses starting with 192, 172...
PT-2024-23313 · Mintplex · Anything-Llm
Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm (affected versions not specified)
Description: The issue is due to improper input validation, allowing attackers to read and delete arbitrary files on the server. By manipulating the logo filename parameter in the...
PT-2024-26638 · Mintplex · Anything-Llm
Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm repository (affected versions not specified)
Description: A Denial of Service (DoS) issue exists when the application is running in 'just me' mode with a password. An attacker can exploit this by making a request to the...
PT-2023-31024 · Mintplex · Anything-Llm
Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm versions prior to 0.0.1
Description: The issue is related to SQL Injection in the GitHub repository mintplex-labs/anything-llm.
Recommendations: For versions prior to 0.0.1, update to version 0.0.1 or later to resol...