PT-2024-24862 · Unknown · Anything-Llm

Published: 2024-08-09 · Updated: 2024-08-12 · CVE-2024-3279

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm (affected versions not specified)

Description: The issue is related to improper access control in the import endpoint, allowing anonymous attackers to import their own database files. This can lead to the deletion or alteration of the existing anythingllm.db file, enabling attackers to serve malicious data or collect user information. The vulnerability arises from the application's failure to properly restrict access to data-import functionality.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Access Control

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2024-3279

Affected Products

Anything-Llm