CVE-2024-2913

Name of the Vulnerable Software and Affected Versions anything-llm (affected versions not specified)

Description A race condition vulnerability exists in the user invite acceptance process, allowing attackers to create multiple user accounts from a single invite link by sending multiple concurrent requests. This bypasses the security mechanism that restricts invite acceptance to a single user, leading to unauthorized user creation without detection. The issue is due to the lack of validation for concurrent requests in the backend.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.