CVE-2024-8249 Unauthenticated Denial of Service (DoS) in mintplex-labs/anything-llm

mintplex-labs/anything-llm version git 6dc3642 contains an unauthenticated Denial of Service DoS vulnerability in the API for the embeddable chat functionality. An attacker can exploit this vulnerability by sending a malformed JSON payload to the API endpoint, causing a server crash due to an...

CVE-2024-8249 Unauthenticated Denial of Service (DoS) in mintplex-labs/anything-llm

mintplex-labs/anything-llm version git 6dc3642 contains an unauthenticated Denial of Service DoS vulnerability in the API for the embeddable chat functionality. An attacker can exploit this vulnerability by sending a malformed JSON payload to the API endpoint, causing a server crash due to an...

CVE-2024-8249

CVE-2024-8249 affects mintplex-labs/anything-llm, specifically the embeddable chat API. The issue is an unauthenticated Denial of Service triggered by sending a malformed JSON payload to the API endpoint, causing a server crash via an uncaught exception. Affected version: git 6dc3642. Remediation...

CVE-2024-10109 Incorrect Authorization in mintplex-labs/anything-llm

A vulnerability in the mintplex-labs/anything-llm repository, as of commit 5c40419, allows low privilege users to access the sensitive API endpoint "/api/system/custom-models". This access enables them to modify the model's API key and base path, leading to potential API key leakage and denial of...

CVE-2024-10109 Incorrect Authorization in mintplex-labs/anything-llm

A vulnerability in the mintplex-labs/anything-llm repository, as of commit 5c40419, allows low privilege users to access the sensitive API endpoint "/api/system/custom-models". This access enables them to modify the model's API key and base path, leading to potential API key leakage and denial of...

CVE-2024-10109

CVE-2024-10109 affects the mintplex-labs/anything-llm repository (commit 5c40419). Affected component: API endpoint /api/system/custom-models, exposed to low-privilege users. Root cause described as insufficient authorization allowing access to a sensitive endpoint, enabling modification of the m...

CVE-2024-7771 Denial of Service in mintplex-labs/anything-llm

A vulnerability in the Dockerized version of mintplex-labs/anything-llm latest, digest 1d9452da2b92 allows for a denial of service. Uploading an audio file with a very low sample rate causes the functionality responsible for transcribing it to crash the entire site instance. The issue arises from...

CVE-2024-7771 Denial of Service in mintplex-labs/anything-llm

A vulnerability in the Dockerized version of mintplex-labs/anything-llm latest, digest 1d9452da2b92 allows for a denial of service. Uploading an audio file with a very low sample rate causes the functionality responsible for transcribing it to crash the entire site instance. The issue arises from...

CVE-2024-8251 Prisma Injection in mintplex-labs/anything-llm

A vulnerability in mintplex-labs/anything-llm prior to version 1.2.2 allows for Prisma injection. The issue exists in the API endpoint "/embed/:embedId/stream-chat" where user-provided JSON is directly taken to the Prisma library's where clause. An attacker can exploit this by providing a special...

CVE-2024-8251 Prisma Injection in mintplex-labs/anything-llm

A vulnerability in mintplex-labs/anything-llm prior to version 1.2.2 allows for Prisma injection. The issue exists in the API endpoint "/embed/:embedId/stream-chat" where user-provided JSON is directly taken to the Prisma library's where clause. An attacker can exploit this by providing a special...

PT-2025-12227 · Prisma +1 · Prismax +1

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm versions prior to 1.2.2 Description: A vulnerability exists in the API endpoint "/embed/:embedId/stream-chat" where user-provided JSON is directly taken to the Prisma library's where clause. An attacker can exploit...

PT-2025-12226 · Mintplex · Anything-Llm

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm version git 6dc3642 through version prior to 1.2.2 Description: The issue is related to an unauthenticated Denial of Service DoS vulnerability in the API for the embeddable chat functionality. An attacker can exploi...

anything-llm 安全漏洞

anything-llm is an all-in-one desktop and Docker AI application open-sourced by Mintplex. A security vulnerability exists in anything-llm that stems from a low-privileged user having access to sensitive API endpoints, which could lead to API key disclosure and denial of service...

CVE-2024-13059

A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when...

CVE-2024-13059

A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when...

CVE-2024-13059 Path Traversal in mintplex-labs/anything-llm

A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when...

CVE-2024-13059 Path Traversal in mintplex-labs/anything-llm

A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when...

anything-llm 安全漏洞

anything-llm is an all-in-one desktop and Docker AI application open-sourced by Mintplex. A security vulnerability exists in versions of anything-llm prior to 1.3.1, which stems from the multer library's mishandling of path traversal for non-ASCII filenames, which could lead to arbitrary file...

CVE-2024-3569

A Denial of Service DoS vulnerability exists in the mintplex-labs/anything-llm repository when the application is running in 'just me' mode with a password. An attacker can exploit this vulnerability by making a request to the endpoint using the validatedRequest middleware with a specially crafte...

CVE-2024-3279

An improper access control vulnerability exists in the mintplex-labs/anything-llm application, specifically within the import endpoint. This vulnerability allows an anonymous attacker, without an account in the application, to import their own database file, leading to the deletion or spoofing of...