CVE-2024-5213
In mintplex-labs/anything-llm versions up to and including 1.5.3, an issue was discovered where the password hash of a user is returned in the response after login POST /api/request-token and after account creations POST /api/admin/users/new. This exposure occurs because the entire User object,...