Vulnerabilities > CVE-2024-0440 - Unspecified vulnerability in Mintplexlabs Anythingllm

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

mintplexlabs

NVD

Published: 2024-02-26

Updated: 2025-02-27

Summary

Attacker, with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files.

Vulnerable Configurations

Part	Description	Count
Application	Mintplexlabs Mintplexlabs Anythingllm -	1

References

https://github.com/mintplex-labs/anything-llm/commit/1563a1b20f72846d617a88510970d0426ab880d3
https://github.com/mintplex-labs/anything-llm/commit/1563a1b20f72846d617a88510970d0426ab880d3
https://huntr.com/bounties/263fd7eb-f9a9-4578-9655-0e28c609272f
https://huntr.com/bounties/263fd7eb-f9a9-4578-9655-0e28c609272f