
We found results for “”
CVE-2024-8248
Good to know:

Date: March 20, 2025
A vulnerability in the normalizePath function in mintplex-labs/anything-llm version git 296f041 allows for path traversal, leading to arbitrary file read and write in the storage directory. This can result in privilege escalation from manager to admin. The issue is fixed in version 1.2.2.
Severity Score
Severity Score
Weakness Type (CWE)
Path Traversal: '..filename'
CWE-29Top Fix

Upgrade Version
Upgrade to version https://github.com/mintplex-labs/anything-llm.git - v1.2.2
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | HIGH |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |