CVE-2024-5211 | mintplex-labs anything-llm up to 0.x anythingllm.db normalizePath path traversal

Inserito da Angelo Barbosa | Giu 12, 2024 | CVE

A vulnerability was found in mintplex-labs anything-llm up to 0.x. It has been declared as critical. Affected by this vulnerability is the function normalizePath of the file anythingllm.db. The manipulation leads to path traversal: ‘..filename’.

This vulnerability is known as CVE-2024-5211. The attack can be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-5211 | mintplex-labs anything-llm up to 0.x anythingllm.db normalizePath path traversal

Post correlati

CVE-2024-20358 | Cisco ASA/Firepower Threat Defense command injection (cisco-sa-asaftd-cmd-inj-ZJV8Wysm)

CVE-2023-40263 | Atos Unify OpenScape Voice Trace Manager prior V8 R0.9.11 FTP command injection

CVE-2023-5956 | Wp-Adv-Quiz Plugin up to 1.0.2 on WordPress Setting cross site scripting

CVE-2024-21406 | Microsoft Windows up to Server 2022 23H2 Printing Service unknown vulnerability