CVE-2024-8248

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-8248
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8248.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-8248
Published
2025-03-20T10:15:41.737Z
Modified
2026-04-10T05:19:48.450242Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability in the normalizePath function in mintplex-labs/anything-llm version git 296f041 allows for path traversal, leading to arbitrary file read and write in the storage directory. This can result in privilege escalation from manager to admin. The issue is fixed in version 1.2.2.

References

Affected packages

Git / github.com/mintplex-labs/anything-llm

Affected ranges

Type
GIT
Repo
https://github.com/mintplex-labs/anything-llm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
de9f9a0ce81a89cde87a89b66bc7e35626b73a9f
Fixed
47a5c7126c20e2277ee56e2c7ee11990886a40a7
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.2.2"
        }
    ]
}

Affected versions

v1.*
v1.0.0
v1.1.0
v1.1.1
v1.2.0
v1.2.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8248.json"