Vulnerabilities > Mintplexlabs > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-20 | CVE-2024-5213 | Exposure of Sensitive Information Through Metadata vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0/1.5.3: In mintplex-labs/anything-llm versions up to and including 1.5.3, an issue was discovered where the password hash of a user is returned in the response after login (`POST /api/request-token`) and after account creation (`POST /api/admin/users/new`). | 6.5 |
| 2024-06-06 | CVE-2024-3153 | Resource Exhaustion vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0: mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DoS) condition. | 6.5 |
| 2024-06-06 | CVE-2024-3102 | Improper Restriction of Excessive Authentication Attempts vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0: A JSON Injection vulnerability exists in the `mintplex-labs/anything-llm` application, specifically within the username parameter during the login process at the `/api/request-token` endpoint. | 5.3 |
| 2024-01-25 | CVE-2024-0879 | Improper Authentication vulnerability in Mintplexlabs Vector Admin: Authentication bypass in vector-admin allows a user to register to a vector-admin server while “domain restriction” is active, even when not owning an authorized email address. | 4.3 |