CVE-2024-0436
- EPSS 0.28%
- Published 26.02.2024 16:27:50
- Last modified 27.03.2025 11:15:35
Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the `!==` used for comparison. The risk is minified by the additio...
CVE-2024-0435
- EPSS 0.37%
- Published 26.02.2024 16:27:50
- Last modified 25.02.2025 22:55:58
User can send a chat that contains an XSS opportunity that will then run when the chat is sent and on subsequent page loads. Given the minimum requirement for a user to send a chat is to be given access to a workspace via an admin the risk is low. A...
CVE-2024-22422
- EPSS 2.55%
- Published 19.01.2024 01:15:09
- Last modified 21.11.2024 08:56:15
AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit `08d33cfd8` an unauthenticated API route (file export) can allow attacke...
CVE-2023-5833
- EPSS 0.1%
- Published 30.10.2023 13:15:31
- Last modified 21.11.2024 08:42:35
Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0.
CVE-2023-5832
- EPSS 0.07%
- Published 30.10.2023 13:15:31
- Last modified 21.11.2024 08:42:35
Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0.
CVE-2023-4897
- EPSS 0.06%
- Published 11.09.2023 21:15:42
- Last modified 21.11.2024 08:36:12
Relative Path Traversal in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.