2 matches found
CVE-2024-3166
Summary: CVE-2024-3166 affects mintplex-labs/anything-llm, including desktop v1.2.0 to v1.4.1 and the web app. The vulnerability is an XSS in the feature that fetches and embeds external website content into workspaces, with a route to Remote Code Execution in the desktop app due to Electron sett...
CVE-2024-8196
CVE-2024-8196 affects mintplex-labs/anything-llm v1.5.11 desktop for Windows. The app opens server port 3001 on 0.0.0.0 with no authentication by default, enabling an attacker to gain full backend access and potentially delete all data from the workspace. Connected sources reiterate the same beha...