CVE-2024-10363

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-10363
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10363.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-10363
Published
2025-03-20T10:15:16.630Z
Modified
2026-04-10T05:08:36.885751Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

In version 0.7.5 of danny-avila/LibreChat, there is an improper access control vulnerability. Users can share, use, and create prompts without being granted permission by the admin. This can break application logic and permissions, allowing unauthorized actions.

References

Affected packages

Git / github.com/danny-avila/librechat

Affected ranges

Type
GIT
Repo
https://github.com/danny-avila/librechat
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
600d21780bfced4d2146ab556fa4de0dcaef55ce
Fixed
42a4d02c62e2a6cf677d1cb6cfcb36d136aaa599
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.7.5"
        }
    ]
}

Affected versions

v0.*
v0.0.1
v0.0.2
v0.0.3
v0.0.6
v0.1.0
v0.1.1
v0.2.0
v0.3.0
v0.3.3
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.4.6
v0.4.7
v0.4.8
v0.5.0
v0.5.1
v0.5.2
v0.5.3
v0.5.4
v0.5.5
v0.5.6
v0.5.7
v0.5.8
v0.5.9
v0.6.0
v0.6.1
v0.6.10
v0.6.5
v0.6.6
v0.6.9
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.7.3-rc
v0.7.3-rc2
v0.7.4
v0.7.4-rc1
v0.7.5
v0.7.5-rc1
v0.7.5-rc2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10363.json"