CVE-2024-10361
- EPSS 0.91%
- Published 20.03.2025 10:09:09
- Last modified 15.10.2025 13:15:35
An arbitrary file deletion vulnerability exists in danny-avila/librechat version v0.7.5-rc2, specifically within the /api/files endpoint. This vulnerability arises from improper input validation, allowing path traversal techniques to delete arbitrary...
CVE-2024-11170
- EPSS 1.62%
- Published 20.03.2025 10:08:59
- Last modified 15.07.2025 16:45:15
A vulnerability in danny-avila/librechat version git 81f2936 allows for path traversal due to improper sanitization of file paths by the multer middleware. This can lead to arbitrary file write and potentially remote code execution. The issue is fixe...
CVE-2024-52787
- EPSS 0.76%
- Published 25.11.2024 18:15:13
- Last modified 15.04.2026 00:35:42
An issue in the upload_documents method of libre-chat v0.0.6 allows attackers to execute a path traversal via supplying a crafted filename in an uploaded file.
CVE-2024-41703
- EPSS 0.35%
- Published 22.07.2024 05:15:03
- Last modified 21.11.2024 09:33:00
LibreChat through 0.7.4-rc1 has incorrect access control for message updates.
CVE-2024-41704
- EPSS 0.67%
- Published 22.07.2024 05:15:03
- Last modified 21.11.2024 09:33:00
LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images.