6.5
CVE-2024-5208
- EPSS 0.62%
- Veröffentlicht 19.06.2024 06:15:11
- Zuletzt bearbeitet 15.10.2025 13:15:46
- Quelle security@huntr.dev
- CVE-Watchlists
- Unerledigt
Uncontrolled Resource Consumption in mintplex-labs/anything-llm
An uncontrolled resource consumption vulnerability exists in the `upload-link` endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to shut down by sending an empty body with a 'Content-Length: 0' header or by sending a body with arbitrary content, such as 'asdasdasd', with a 'Content-Length: 9' header. The vulnerability is reproducible by users with at least a 'Manager' role, sending a crafted request to any workspace. This issue indicates that a previous fix was not effective in mitigating the vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Mintplexlabs ≫ Anythingllm Version < 1.0.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.62% | 0.448 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@huntr.dev | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
https://github.com/mintplex-labs/anything-llm/commit/e2439c6d4c3cfdacd96cd1b7b92d1f89c3cc8459
https://huntr.com/bounties/6c8bdfa1-ec56-4b02-bde9-cfc27470e6ca