ГлавнаяУязвимости → CVE-2024-10109
8.3высокая

CVE-2024-10109

Описание

A vulnerability in the mintplex-labs/anything-llm repository, as of commit 5c40419, allows low privilege users to access the sensitive API endpoint "/api/system/custom-models". This access enables them to modify the model's API key and base path, leading to potential API key leakage and denial of service on chats.

Затрагиваемое ПО
Mintplexlabs Anythingllm
CVSS
Балл8.3 — высокая
ВекторCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Источники
https://github.com/mintplex-labs/anything-llm/commit/8d302c3f670c582b09d47e96132c248101447a11https://huntr.com/bounties/ad3c9e76-679d-4775-b203-96947ff73551