cve-2024-8249
Vulnerability from cvelistv5
Published
2025-03-20 10:09
Modified
2025-03-20 18:36
Severity ?
EPSS score ?
Summary
Unauthenticated Denial of Service (DoS) in mintplex-labs/anything-llm
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| mintplex-labs | mintplex-labs/anything-llm |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8249",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-20T17:53:22.627107Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T18:36:01.825Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mintplex-labs/anything-llm",
"vendor": "mintplex-labs",
"versions": [
{
"lessThan": "1.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mintplex-labs/anything-llm version git 6dc3642 contains an unauthenticated Denial of Service (DoS) vulnerability in the API for the embeddable chat functionality. An attacker can exploit this vulnerability by sending a malformed JSON payload to the API endpoint, causing a server crash due to an uncaught exception. This issue is fixed in version 1.2.2."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248 Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T10:09:41.740Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/2fb0c93f-5bc1-4212-bdca-292db7c6951f"
},
{
"url": "https://github.com/mintplex-labs/anything-llm/commit/548da9ade30368289c5beaf0a8ee2ed2b5c1d81c"
}
],
"source": {
"advisory": "2fb0c93f-5bc1-4212-bdca-292db7c6951f",
"discovery": "EXTERNAL"
},
"title": "Unauthenticated Denial of Service (DoS) in mintplex-labs/anything-llm"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-8249",
"datePublished": "2025-03-20T10:09:41.740Z",
"dateReserved": "2024-08-27T23:27:51.285Z",
"dateUpdated": "2025-03-20T18:36:01.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-8249\",\"sourceIdentifier\":\"security@huntr.dev\",\"published\":\"2025-03-20T10:15:41.860\",\"lastModified\":\"2025-03-20T10:15:41.860\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"mintplex-labs/anything-llm version git 6dc3642 contains an unauthenticated Denial of Service (DoS) vulnerability in the API for the embeddable chat functionality. An attacker can exploit this vulnerability by sending a malformed JSON payload to the API endpoint, causing a server crash due to an uncaught exception. This issue is fixed in version 1.2.2.\"},{\"lang\":\"es\",\"value\":\"La versi\u00f3n git 6dc3642 de mintplex-labs/anything-llm contiene una vulnerabilidad de denegaci\u00f3n de servicio (DoS) no autenticada en la API para la funcionalidad de chat integrable. Un atacante puede explotar esta vulnerabilidad enviando una carga JSON malformada al endpoint de la API, lo que provoca un fallo del servidor debido a una excepci\u00f3n no detectada. Este problema se solucion\u00f3 en la versi\u00f3n 1.2.2.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"security@huntr.dev\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security@huntr.dev\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-248\"}]}],\"references\":[{\"url\":\"https://github.com/mintplex-labs/anything-llm/commit/548da9ade30368289c5beaf0a8ee2ed2b5c1d81c\",\"source\":\"security@huntr.dev\"},{\"url\":\"https://huntr.com/bounties/2fb0c93f-5bc1-4212-bdca-292db7c6951f\",\"source\":\"security@huntr.dev\"}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.