Vulnerabilities > Mintplexlabs > Anythingllm > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-06-06 CVE-2024-3104 OS Command Injection vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0
A remote code execution vulnerability exists in mintplex-labs/anything-llm due to improper handling of environment variables.
network
low complexity
mintplexlabs CWE-78
critical
 9.8
9.8
2024-06-06 CVE-2024-3033 Incorrect Authorization vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0
An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes.
network
low complexity
mintplexlabs CWE-863
critical
 9.4
9.4
2023-10-30 CVE-2023-5832 Improper Input Validation vulnerability in Mintplexlabs Anythingllm 0.0.1
Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0.
network
low complexity
mintplexlabs CWE-20
critical
 9.1
9.1
2023-09-11 CVE-2023-4897 Relative Path Traversal vulnerability in Mintplexlabs Anythingllm
Relative Path Traversal in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.
network
low complexity
mintplexlabs CWE-23
critical
 9.8
9.8