Assigner | @huntr_ai |
Reserved | 2024-04-10 |
Published | 2024-04-10 |
Updated | 2024-08-01 |
A Denial of Service (DoS) vulnerability exists in the mintplex-labs/anything-llm repository when the application is running in 'just me' mode with a password. An attacker can exploit it by sending a request with a specially crafted 'Authorization:' header to an endpoint that uses the [validatedRequest] middleware. The result is uncontrolled resource consumption, which causes a DoS condition.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
CWE-400 Uncontrolled Resource Consumption
https://huntr.com/bounties/619e13bd-b723-4727-9ccb-5099d698432e
https://github.com/mintplex-labs/anything-llm/commit/efe9dfa5e3550d12abd34d06ab7f8fbcf2206cfa