CVE-2024-0404 | mintplex-labs anything-llm up to 0.x Account Creation /api/invite/:code dynamically-determined object attributes

Inserito da Angelo Barbosa | Apr 16, 2024 | CVE

A vulnerability, which was classified as critical, was found in mintplex-labs anything-llm up to 0.x. This affects an unknown part of the file /api/invite/:code of the component Account Creation Handler. The manipulation leads to dynamically-determined object attributes.

This vulnerability is uniquely identified as CVE-2024-0404. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-0404 | mintplex-labs anything-llm up to 0.x Account Creation /api/invite/:code dynamically-determined object attributes

Post correlati

CVE-2024-0381 | WP Recipe Maker Plugin up to 9.1.0 on WordPress tag cross site scripting

CVE-2024-8381 | Mozilla Firefox up to 129.x Property Name Lookup type confusion

CVE-2024-23734 | Savignano SNotify up to 2.0.0 User Profile Page cross-site request forgery

CVE-2024-39962 | D-Link DIR-823X AX3000 21_D240126 HTTP Request /goform/set_ntp ntp_zone_val Privilege Escalation