CVE-2024-8249 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2024-8249?

CVE-2024-8249 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-8249?

Check the references section above for vendor advisories and patch information. Affected products include: Mintplexlabs Anythingllm.

Vulnerability Description

mintplex-labs/anything-llm version git 6dc3642 contains an unauthenticated Denial of Service (DoS) vulnerability in the API for the embeddable chat functionality. An attacker can exploit this vulnerability by sending a malformed JSON payload to the API endpoint, causing a server crash due to an uncaught exception. This issue is fixed in version 1.2.2.

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mintplexlabs	Anythingllm	< 1.2.2

Related Weaknesses (CWE)

CWE-248

References

https://github.com/mintplex-labs/anything-llm/commit/548da9ade30368289c5beaf0a8ePatch
https://huntr.com/bounties/2fb0c93f-5bc1-4212-bdca-292db7c6951fExploitThird Party Advisory

FAQ

What is CVE-2024-8249?

CVE-2024-8249 is a vulnerability with a CVSS score of 7.5 (HIGH). mintplex-labs/anything-llm version git 6dc3642 contains an unauthenticated Denial of Service (DoS) vulnerability in the API for the embeddable chat functionality. An attacker can exploit this vulnerab...

How severe is CVE-2024-8249?

CVE-2024-8249 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-8249?

Check the references section above for vendor advisories and patch information. Affected products include: Mintplexlabs Anythingllm.