PT-2025-12038 · Librechat · Librechat

Published

2025-03-20

·

Updated

2025-03-21

·

CVE-2024-10361

CVSS v3.1

9.1

Critical

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: danny-avila/librechat version v0.7.5-rc2
Description: An arbitrary file deletion vulnerability exists in the "/api/files" endpoint due to improper input validation of the client-supplied file path. By inserting path traversal sequences into that path, an attacker (the vector requires no privileges or user interaction) can delete arbitrary files on the server, including system files, user data, and application resources, affecting the integrity and availability of the system.
Recommendations: For danny-avila/librechat version v0.7.5-rc2, consider disabling access to the "/api/files" endpoint until a patch is available. Additionally, restrict which accounts may perform file deletion operations to minimize the impact of arbitrary file deletion. At the time of writing, no information is available about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2024-10361

Affected Products

Librechat