Home > Vulnerability Database > CVE-2024-0549

Mend.io Vulnerability Database

CVE-2024-0549

Good to know:

Date: April 15, 2024

mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as 'anythingllm.db'. The vulnerability stems from insufficient input validation and normalization in the handling of file and folder deletion requests. Successful exploitation results in the compromise of data integrity and availability.

Language: JS

Severity Score

8.1

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-0549

Url: https://huntr.com/bounties/fcb4001e-0290-4b78-a2f0-91ee5d20cc72

Url: https://github.com/mintplex-labs/anything-llm/commit/026849df0224b6a8754f4103530bc015874def62

Url: https://www.mend.io/vulnerability-database/CVE-2024-0549

Severity Score

8.1

Weakness Type (CWE)

Relative Path Traversal

CWE-23

Top Fix

Upgrade Version

Upgrade to version 026849df0224b6a8754f4103530bc015874def62

Learn More

CVSS v3.1

Base Score:	8.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-0549

Good to know:

Date: April 15, 2024

Language: JS

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?