CVE-2024-6842
AnythingLLM (mintplex-labs/anything-llm) version 1.5.5 contains an information-disclosure vulnerability via the /setup-complete (or /api/setup-complete) endpoint, allowing remote, unauthenticated access to currentSettings that can include sensitive API keys for search engines. This enables potent...