cvedb.io
CVE-2024-5208
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2024-06-19T06:15:11.420 · Last modified 2026-06-17T08:15:24.930

Summary

An uncontrolled resource consumption vulnerability exists in the `upload-link` endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid upload requests. Specifically, the server can be made to shut down by sending an empty body with a 'Content-Length: 0' header or by sending a body with arbitrary content, such as 'asdasdasd', with a 'Content-Length: 9' header. The vulnerability is reproducible by users with at least a 'Manager' role, sending a crafted request to any workspace. This issue indicates that a previous fix was not effective in mitigating the vulnerability.

Affected products

mintplexlabs — anythingllm

Does this affect you?

Add your gear to cvedb and we'll alert you only when mintplexlabs ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.