6.5

CVE-2024-11173

Exploit

EPSS 0.23%
Veröffentlicht 20.03.2025 10:10:33
Zuletzt bearbeitet 15.07.2025 16:03:30
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

An unhandled exception in the danny-avila/librechat repository, version git 600d217, can cause the server to crash, leading to a full denial of service. This issue occurs when certain API endpoints receive malformed input, resulting in an uncaught exception. Although a valid JWT is required to exploit this vulnerability, LibreChat allows open registration, enabling unauthenticated attackers to create an account and perform the attack. The issue is fixed in version 0.7.6.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Librechat ≫ Librechat Version < 0.7.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.23%	0.453

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@huntr.dev	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-248 Uncaught Exception

An exception is thrown from a function, but it is not caught.

https://huntr.com/bounties/4cebf926-c17f-4836-868b-e1de86221cec

Third Party Advisory

Exploit

https://github.com/danny-avila/librechat/commit/95a212534f1c5991bd1231a34ac3668b4b592cc3

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-11173

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-11173

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-11173

EUVD