CVE-2024-8248 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

A vulnerability in the normalizePath function in mintplex-labs/anything-llm version git 296f041 allows for path traversal, leading to arbitrary file read and wr…

High CVSS: 7.2

CVE-2024-8248

A vulnerability in the normalizePath function in mintplex-labs/anything-llm version git 296f041 allows for path traversal, leading to arbitrary file read and write in the storage directory. This can result in privilege escalation from manager to admin. The issue is fixed in version 1.2.2.

Vendor

Product

CWE

Yayın Tarihi

2025-03-20 10:15:41

Güncelleme

2025-07-15 15:16:11

Source Identifier

security@huntr.dev

KEV Date Added

-

Kategoriler

CWE-29 Anythingllm HIGH Mintplexlabs 2025

Referanslar

https://github.com/mintplex-labs/anything-llm/commit/47a5c7126c20e2277ee56e2c7ee11990886a40a7 https://huntr.com/bounties/7d6c3b7a-1116-450d-b539-9c911a97537e

Benzer Kayıtlar

Low

CVE-2026-32715

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…

Low

CVE-2026-32717

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…

Medium

CVE-2026-32719

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…

Critical

CVE-2026-32626

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…

High

CVE-2026-32628

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…

High

CVE-2026-32617

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti…