CVE-2024-10109 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A vulnerability in the mintplex-labs/anything-llm repository, as of commit 5c40419, allows low privilege users to access the sensitive API endpoint "/api/system…

High CVSS: 8.3

CVE-2024-10109

A vulnerability in the mintplex-labs/anything-llm repository, as of commit 5c40419, allows low privilege users to access the sensitive API endpoint "/api/system/custom-models". This access enables them to modify the model's API key and base path, leading to potential API key leakage and denial of service on chats.

Vendor

Product

CWE

Yayın Tarihi

2025-03-20 10:15:14

Güncelleme

2025-07-11 20:43:39

Source Identifier

security@huntr.dev

KEV Date Added

-

Kategoriler

CWE-863 Anythingllm HIGH Mintplexlabs 2025

Referanslar

https://github.com/mintplex-labs/anything-llm/commit/8d302c3f670c582b09d47e96132c248101447a11 https://huntr.com/bounties/ad3c9e76-679d-4775-b203-96947ff73551

Benzer Kayıtlar

Low

CVE-2026-32715

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…

Low

CVE-2026-32717

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…

Medium

CVE-2026-32719

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…

Critical

CVE-2026-32626

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…

High

CVE-2026-32628

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…

High

CVE-2026-32617

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…