CVE-2024-10109

Name of the Vulnerable Software and Affected Versions mintplex-labs/anything-llm versions prior to the commit that fixes the issue (affected versions not specified)

Description A vulnerability allows low privilege users to access the sensitive API endpoint "/api/system/custom-models". This access enables them to modify the model's API key and base path, leading to potential API key leakage and denial of service on chats.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.