CVE-2024-0549

Name of the Vulnerable Software and Affected Versions mintplex-labs/anything-llm (affected versions not specified)

Description The issue allows unauthorized attackers with a default role account to perform a relative path traversal attack, enabling them to delete files and folders within the filesystem. This includes critical database files such as anythingllm.db. The vulnerability is caused by insufficient input validation and normalization in the handling of file and folder deletion requests. Successful exploitation results in the compromise of data integrity and availability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.