CVE-2024-5213

In mintplex-labs/anything-llm versions up to and including 1.5.3, an issue was discovered where the password hash of a user is returned in the response after login (POST /api/request-token) and after account creations (POST /api/admin/users/new). This exposure occurs because the entire User object,...