cvedb.io
CVE-2024-3569
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2024-04-10T17:15:58.350 · Last modified 2026-06-17T07:44:32.140

Summary

A Denial of Service (DoS) vulnerability exists in the mintplex-labs/anything-llm repository when the application is running in 'just me' mode with a password. An attacker can exploit this vulnerability by making a request to the endpoint using the [validatedRequest] middleware with a specially crafted 'Authorization:' header. This vulnerability leads to uncontrolled resource consumption, causing a DoS condition.

Affected products

mintplexlabs — anythingllm

Does this affect you?

Add your gear to cvedb and we'll alert you only when mintplexlabs ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.