CVE-2024-0440
9.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Summary
Attacker, with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| mintplex-labs | mintplex-labs/anything-llm | unspecified < 1.0.0 | affected |
Weaknesses
- CWE-918: CWE-918 Server-Side Request Forgery (SSRF)
ADP Enrichment
CVE Program Container
Additional References
- https://huntr.com/bounties/263fd7eb-f9a9-4578-9655-0e28c609272f
- https://github.com/mintplex-labs/anything-llm/commit/1563a1b20f72846d617a88510970d0426ab880d3
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
References
- https://huntr.com/bounties/263fd7eb-f9a9-4578-9655-0e28c609272f
- https://github.com/mintplex-labs/anything-llm/commit/1563a1b20f72846d617a88510970d0426ab880d3
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.