CVE-2024-0763

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-0763
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0763.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-0763
Published
2024-02-27T22:15:14.597Z
Modified
2026-03-14T12:23:50.946788Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
Summary
[none]
Details

Any user can delete an arbitrary folder (recursively) on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization.

References

Affected packages

Git / github.com/mintplex-labs/anything-llm

Affected ranges

Type
GIT
Repo
https://github.com/mintplex-labs/anything-llm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
013c0b9575ae6a87af87275e326041c4e0afeeee
Fixed
8a7324d0e77a15186e1ad5e5119fca4fb224c39c
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.0.0"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-0763.json"