mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as 'anythingllm.db'. The vulnerability stems from insufficient input validation and normalization in the handling of file and folder deletion requests. Successful exploitation results in the compromise of data integrity and availability.
References
Configurations
No configuration.
History
16 Apr 2024, 13:24
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
16 Apr 2024, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-16 00:15
Updated : 2024-04-16 13:24
NVD link : CVE-2024-0549
Mitre link : CVE-2024-0549
CVE.ORG link : CVE-2024-0549
JSON object : View
Products Affected
No product.
CWE
CWE-23
Relative Path Traversal