CVE-2024-8196

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-8196

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8196.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-8196

Published

2025-03-20T10:15:41.490Z

Modified

2026-04-10T05:19:48.114039Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In mintplex-labs/anything-llm v1.5.11 desktop version for Windows, the application opens server port 3001 on 0.0.0.0 with no authentication by default. This vulnerability allows an attacker to gain full backend access, enabling them to perform actions such as deleting all data from the workspace.

References

Affected packages

Git / github.com/mintplex-labs/anything-llm

Affected ranges

Type: GIT
Repo: https://github.com/mintplex-labs/anything-llm
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

9bfe477f10b188bfe3508ac29105df80d4522ece

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8196.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "1.6.5"
            }
        ]
    }
]