CVE-2024-11169

Summary

An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. The issue occurs when the fs module throws an exception while handling file uploads. An unauthenticated user can trigger this exception by sending a specially crafted request, causing the server to crash. The vulnerability is fixed in version 0.7.6.

Affected Software

VendorProductVersion RangeStatus
danny-aviladanny-avila/librechatunspecified < 0.7.6affected

Weaknesses

  • CWE-115: CWE-115 Misinterpretation of Input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References