CVE-2024-3153
CVE-2024-3153 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DoS) condition. Specifically, the server can be shut down by sending an invalid upload request. EPSS estimates a 0.66% chance of exploitation in the next 30 days.
Description
mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DoS) condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents can exploit this vulnerability to cause a DoS condition by manipulating the upload request.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Mintplexlabs | Anythingllm | < 1.0.0 |
References
- https://huntr.com/bounties/7bb08e7b-fd99-411e-99bc-07f81f474635 (Exploit, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
