exploitDog

CVE-2024-11170

Опубликовано: 20 мар. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

A vulnerability in danny-avila/librechat version git 81f2936 allows for path traversal due to improper sanitization of file paths by the multer middleware. This can lead to arbitrary file write and potentially remote code execution. The issue is fixed in version 0.7.6.

Ссылки

https://github.com/danny-avila/librechat/commit/629be5c0ca2b332178524b4e3f6fac715aea8cc4
Patch
https://huntr.com/bounties/b64156c2-5380-4d4d-af30-b2938dcdd46e
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:librechat:librechat:*:*:*:*:*:*:*:*

Версия до 0.7.6 (исключая)

EPSS

Процентиль: 86%

0.02883

Низкий

8.8 High

CVSS3

Дефекты

CWE-29

Связанные уязвимости

GHSA-mq4w-5hp5-6g52

CVSS3: 8.8

github

11 месяцев назад

A vulnerability in danny-avila/librechat version git 81f2936 allows for path traversal due to improper sanitization of file paths by the multer middleware. This can lead to arbitrary file write and potentially remote code execution. The issue is fixed in version 0.7.6.

EPSS

Процентиль: 86%

0.02883

Низкий

8.8 High

CVSS3

Дефекты

CWE-29