CVE-2024-0440

Опубликовано: 26 фев. 2024

Источник: nvd

CVSS3: 9.6

CVSS3: 6.5

EPSS Низкий

Описание

Attacker, with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files.

Ссылки

https://github.com/mintplex-labs/anything-llm/commit/1563a1b20f72846d617a88510970d0426ab880d3
Patch
https://huntr.com/bounties/263fd7eb-f9a9-4578-9655-0e28c609272f
Exploit
https://github.com/mintplex-labs/anything-llm/commit/1563a1b20f72846d617a88510970d0426ab880d3
Patch
https://huntr.com/bounties/263fd7eb-f9a9-4578-9655-0e28c609272f
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mintplexlabs:anythingllm:-:*:*:*:*:*:*:*

EPSS

Процентиль: 42%

0.00195

Низкий

9.6 Critical

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-918

Связанные уязвимости

GHSA-72wm-hh56-9gp6

CVSS3: 9.6

github

почти 2 года назад

Attacker, with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files.

EPSS

Процентиль: 42%

0.00195

Низкий

9.6 Critical

CVSS3

6.5 Medium

CVSS3

Дефекты

CWE-918