CVE-2024-0763

Any user can delete an arbitrary folder (recursively) on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization.
Configurations

No configuration.

History

21 Nov 2024, 08:47

Type Values Removed Values Added
References () https://github.com/mintplex-labs/anything-llm/commit/8a7324d0e77a15186e1ad5e5119fca4fb224c39c - () https://github.com/mintplex-labs/anything-llm/commit/8a7324d0e77a15186e1ad5e5119fca4fb224c39c -
References () https://huntr.com/bounties/25a2f487-5a9c-4c7f-a2d3-b0527db73ea5 - () https://huntr.com/bounties/25a2f487-5a9c-4c7f-a2d3-b0527db73ea5 -

27 Feb 2024, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-27 22:15

Updated : 2024-11-21 08:47


NVD link : CVE-2024-0763

Mitre link : CVE-2024-0763

CVE.ORG link : CVE-2024-0763


JSON object : View

Products Affected

No product.

CWE
CWE-20

Improper Input Validation