Vulnerability Description
mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DOS) condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents can exploit this vulnerability to cause a DOS condition by manipulating the upload request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mintplexlabs | Anythingllm | < 1.0.0 |
Related Weaknesses (CWE)
References
- https://github.com/mintplex-labs/anything-llm/commit/b8d37d9f43af2facab4c51146a4Patch
- https://huntr.com/bounties/7bb08e7b-fd99-411e-99bc-07f81f474635ExploitThird Party Advisory
- https://github.com/mintplex-labs/anything-llm/commit/b8d37d9f43af2facab4c51146a4Patch
- https://huntr.com/bounties/7bb08e7b-fd99-411e-99bc-07f81f474635ExploitThird Party Advisory
FAQ
What is CVE-2024-3153?
CVE-2024-3153 is a vulnerability with a CVSS score of 6.5 (MEDIUM). mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DOS) condition. Specifically, the server can b...
How severe is CVE-2024-3153?
CVE-2024-3153 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-3153?
Check the references section above for vendor advisories and patch information. Affected products include: Mintplexlabs Anythingllm.