CVE-2024-3153

Published: Jun 6, 2024Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DOS) condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents can exploit this vulnerability to cause a DOS condition by manipulating the upload request.

Affected (1)

Products: Mintplexlabs: Anythingllm

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mintplexlabs Anythingllm	Before 1.0.0

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (4)

https://github.com/mintplex-labs/anything-llm/commit/b8d37d9f43af2facab4c51146a46229a58cb53d9

Source: security@huntr.dev

Patch

https://huntr.com/bounties/7bb08e7b-fd99-411e-99bc-07f81f474635

Source: security@huntr.dev

ExploitThird Party Advisory

https://github.com/mintplex-labs/anything-llm/commit/b8d37d9f43af2facab4c51146a46229a58cb53d9

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://huntr.com/bounties/7bb08e7b-fd99-411e-99bc-07f81f474635

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.