2 matches found
CVE-2024-10359
In danny-avila/librechat v0.7.5-rc2, a vulnerability exists in the preset creation functionality where a user can manipulate the user ID field via mass assignment. The root cause is that the backend saves the entire object received without validating attributes/values, allowing an attacker to inj...
CVE-2024-10359 Mass Assignment in Preset Creation Allows User ID Manipulation in danny-avila/librechat
In danny-avila/librechat version v0.7.5-rc2, a vulnerability exists in the preset creation functionality where a user can manipulate the user ID field through mass assignment. This allows an attacker to inject a different user ID into the preset object, causing the preset to appear in the UI of...