Attacker, with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files.
References
Configurations
History
27 Feb 2025, 03:05
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
First Time |
Mintplexlabs anythingllm
Mintplexlabs |
|
References | () https://github.com/mintplex-labs/anything-llm/commit/1563a1b20f72846d617a88510970d0426ab880d3 - Patch | |
References | () https://huntr.com/bounties/263fd7eb-f9a9-4578-9655-0e28c609272f - Exploit | |
CPE | cpe:2.3:a:mintplexlabs:anythingllm:-:*:*:*:*:*:*:* |
21 Nov 2024, 08:46
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/mintplex-labs/anything-llm/commit/1563a1b20f72846d617a88510970d0426ab880d3 - | |
References | () https://huntr.com/bounties/263fd7eb-f9a9-4578-9655-0e28c609272f - | |
Summary |
|
26 Feb 2024, 16:32
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-26 16:27
Updated : 2025-02-27 03:05
NVD link : CVE-2024-0440
Mitre link : CVE-2024-0440
CVE.ORG link : CVE-2024-0440
JSON object : View
Products Affected
mintplexlabs
- anythingllm
CWE
CWE-918
Server-Side Request Forgery (SSRF)