CVE-2024-3153

Exploit

EPSS 0.14%
Veröffentlicht 06.06.2024 19:16:00
Zuletzt bearbeitet 21.11.2024 09:29:00
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DOS) condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents can exploit this vulnerability to cause a DOS condition by manipulating the upload request.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mintplexlabs ≫ Anythingllm Version < 1.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.339

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
security@huntr.dev	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://github.com/mintplex-labs/anything-llm/commit/b8d37d9f43af2facab4c51146a46229a58cb53d9

Patch

https://huntr.com/bounties/7bb08e7b-fd99-411e-99bc-07f81f474635

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-3153

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-3153

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-3153

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-3153