mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DOS) condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents can exploit this vulnerability to cause a DOS condition by manipulating the upload request.
References
Link | Resource |
---|---|
https://github.com/mintplex-labs/anything-llm/commit/b8d37d9f43af2facab4c51146a46229a58cb53d9 | Patch |
https://huntr.com/bounties/7bb08e7b-fd99-411e-99bc-07f81f474635 | Exploit Third Party Advisory |
Configurations
History
20 Sep 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
First Time |
Mintplexlabs anythingllm
Mintplexlabs |
|
CPE | cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:* | |
References | () https://github.com/mintplex-labs/anything-llm/commit/b8d37d9f43af2facab4c51146a46229a58cb53d9 - Patch | |
References | () https://huntr.com/bounties/7bb08e7b-fd99-411e-99bc-07f81f474635 - Exploit, Third Party Advisory |
07 Jun 2024, 14:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
06 Jun 2024, 19:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-06 19:16
Updated : 2024-09-20 13:15
NVD link : CVE-2024-3153
Mitre link : CVE-2024-3153
CVE.ORG link : CVE-2024-3153
JSON object : View
Products Affected
mintplexlabs
- anythingllm
CWE
CWE-400
Uncontrolled Resource Consumption