cvedb.io
CVE-2024-8248
HIGH · CVSS 7.2
EPSS exploitation probability: 0%
Published 2025-03-20T10:15:41.737 · Last modified 2026-06-17T08:22:11.960

Summary

A vulnerability in the normalizePath function in mintplex-labs/anything-llm version git 296f041 allows for path traversal, leading to arbitrary file read and write in the storage directory. This can result in privilege escalation from manager to admin. The issue is fixed in version 1.2.2.

Affected products

mintplexlabs — anythingllm

Does this affect you?

Add your gear to cvedb and we'll alert you only when mintplexlabs ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.