PT-2024-35120 · Mintplex · Anything-Llm

Published 2024-06-19 · Updated 2025-10-15 · CVE-2024-5208

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm (affected versions not specified)

Description: An uncontrolled resource consumption issue exists in the "upload-link" endpoint. It allows attackers to cause a denial of service (DoS) that shuts down the server by sending invalid upload requests. This can be achieved by sending an empty body with a 'Content-Length: 0' header or by sending a body with arbitrary content, such as 'asdasdasd', with a 'Content-Length: 9' header. The issue is reproducible by users with at least a 'Manager' role, sending a crafted request to any workspace. This indicates that a previous fix was not effective in mitigating the issue.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
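
The two request shapes from the description, run through a defensive request check that answers with a 4xx result instead of letting a malformed body reach the upload logic. This is an added example, not code from the advisory or from the anything-llm project; the JSON body with a "link" field, the function name, the size cap and the status codes are assumptions.

```javascript
// Added example: defensive validation for a link-upload style endpoint.
// Assumed, not taken from the advisory: a JSON body carrying a string "link"
// field, the function name, the 2 KiB cap and the status codes.
const MAX_BODY_BYTES = 2048;

const reject = (status, error) => ({ ok: false, status, error });

function validateUploadLinkRequest(headers, rawBody) {
  const body = typeof rawBody === "string" ? rawBody : "";
  const actual = Buffer.byteLength(body, "utf8");
  const declared = Number(headers["content-length"]);

  if (!Number.isInteger(declared) || declared < 0)
    return reject(411, "missing or invalid Content-Length");
  if (declared !== actual)
    return reject(400, "Content-Length does not match body size");
  if (actual === 0) return reject(400, "empty body");
  if (actual > MAX_BODY_BYTES) return reject(413, "body too large");

  let parsed;
  try {
    parsed = JSON.parse(body);
  } catch {
    return reject(400, "body is not valid JSON");
  }
  if (parsed === null || typeof parsed !== "object" || typeof parsed.link !== "string")
    return reject(422, 'expected a JSON object with a string "link"');

  let url;
  try {
    url = new URL(parsed.link);
  } catch {
    return reject(422, "link is not an absolute URL");
  }
  if (url.protocol !== "http:" && url.protocol !== "https:")
    return reject(422, "link must be http or https");

  return { ok: true, status: 200, link: url.href };
}

// Constructed samples: the two request shapes named in the description, plus a well-formed one.
const samples = [
  [{ "content-length": "0" }, ""],
  [{ "content-length": "9" }, "asdasdasd"],
  [{ "content-length": "34" }, '{"link":"https://example.com/doc"}'],
];
for (const [headers, body] of samples)
  console.log(JSON.stringify(body), "->", validateUploadLinkRequest(headers, body));
```

Every path returns a result object, so a handler built on it can send the status and stop without an unhandled exception reaching the process.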

Exploit

DoS

Resource Exhaustion

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers: CVE-2024-5208

Affected Products: Anything-Llm