PT-2025-12103 · Danny Avila · Librechat

Published 2025-03-20 · Updated 2025-03-20 · CVE-2024-11173

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

danny-avila/librechat versions prior to 0.7.6

Description

The issue occurs when certain API endpoints receive malformed input, resulting in an uncaught exception, which can cause the server to crash and lead to a full denial of service. Although a valid JWT is required to exploit this issue, LibreChat allows open registration, enabling unauthenticated attackers to create an account and perform the attack.

Recommendations

For versions prior to 0.7.6, update to version 0.7.6 to resolve the issue. As a temporary workaround, consider restricting access to the API endpoints that receive malformed input until the issue is resolved.
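The defect class described above, as an added JavaScript example that is not LibreChat's code: the route body shape, field names and sample payloads are constructed. It contrasts a handler that trusts the request shape (an unchecked property access on malformed input throws, and an exception that escapes a request handler takes the Node.js process down) with a handler that validates first and reports 400, behind a stand-in for the framework's error-handling middleware.

```javascript
// Added example, not LibreChat's code; body shape and payloads are constructed.
class BadRequest extends Error {
  constructor(message) { super(message); this.status = 400; }
}

// Naive shape: every property access is an unchecked assumption. A body such
// as {} or {"messages": "x"} raises a TypeError here, and if nothing catches
// it the process exits (Node.js 15+ also exits on an unhandled rejection).
function naiveHandler(req) {
  const last = req.body.messages[req.body.messages.length - 1];
  return { status: 200, body: { echo: last.content.trim() } };
}

// Validation layer: malformed input becomes a 400 with a message, not a crash.
function validateChatBody(body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    throw new BadRequest('body must be a JSON object');
  }
  const { messages } = body;
  if (!Array.isArray(messages) || messages.length === 0) {
    throw new BadRequest('messages must be a non-empty array');
  }
  if (messages.some((m) => !m || typeof m.content !== 'string')) {
    throw new BadRequest('every message needs a string content field');
  }
  return messages;
}

// Hardened shape: only validated data reaches the business logic.
function hardenedHandler(req) {
  const messages = validateChatBody(req.body);
  return { status: 200, body: { echo: messages[messages.length - 1].content.trim() } };
}

// Stand-in for the error-handling middleware: anything a handler throws is
// turned into a response. Unexpected errors become a 500 without leaking the
// message. In Express 4 an async handler must be wrapped so its rejection is
// forwarded, e.g. (req, res, next) => handler(req, res).catch(next); otherwise
// the rejection never reaches this path.
function dispatch(handler, req) {
  try {
    return handler(req);
  } catch (err) {
    const status = err.status || 500;
    return { status, body: { error: status === 400 ? err.message : 'internal error' } };
  }
}
```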

Exploit · Fix · DoS


Weakness Enumeration

Related Identifiers
CVE-2024-11173

Affected Products
Librechat