CVE-2024-3153

CVSS V2 None CVSS V3 None

Description

mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DOS) condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents can exploit this vulnerability to cause a DOS condition by manipulating the upload request.

Overview

CVE ID
CVE-2024-3153

Assigner
@huntr_ai

Vulnerability Status
PUBLISHED

Published Version
2024-06-06T18:40:53.604Z

Last Modified Date
2024-06-20T13:58:10.102Z

Weakness Enumerations

CWE	URL
CWE-400	http://cwe.mitre.org/data/definitions/400.html

References

Reference URL	Reference Tags
https://huntr.com/bounties/7bb08e7b-fd99-411e-99bc-07f81f474635
https://github.com/mintplex-labs/anything-llm/commit/b8d37d9f43af2facab4c51146a46229a58cb53d9

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-3153
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3153

History

Created	Old Value	New Value	Data Type	Notes
2024-06-23 23:27:07				Added to TrackCVE