0.1.0

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

mintplexlabs

NVD

Published: 2024-02-27

Updated: 2025-03-04

Summary

Any user can delete an arbitrary folder (recursively) on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization.

Vulnerable Configurations

Part	Description	Count
Application	Mintplexlabs Mintplexlabs Anythingllm - Mintplexlabs Anythingllm 0.0.1 Mintplexlabs Anythingllm 0.1.0	3

References

https://github.com/mintplex-labs/anything-llm/commit/8a7324d0e77a15186e1ad5e5119fca4fb224c39c
https://github.com/mintplex-labs/anything-llm/commit/8a7324d0e77a15186e1ad5e5119fca4fb224c39c
https://huntr.com/bounties/25a2f487-5a9c-4c7f-a2d3-b0527db73ea5
https://huntr.com/bounties/25a2f487-5a9c-4c7f-a2d3-b0527db73ea5