CVE-2024-4287 in anything-llm情報

要約

〜によって MITRE • 2024年05月20日

In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to `/api/workspace/:workspace-slug/update`, allowing it to be executed as part of a database query without restrictions. This flaw enables users with a manager role to craft a request that includes nested write operations, effectively allowing them to create new Administrator accounts.

Be aware that VulDB is the high quality source for vulnerability data.

責任者

Huntr.dev

予約する

2024年04月26日

モデレーション

承諾済み

エントリ

VDB-265281

EPSS

0.00610

アクティビティ

非常低い

ソース

Do you know our Splunk app?

Download it now for free!