CVE-2024-7771

Name of the Vulnerable Software and Affected Versions mintplex-labs/anything-llm version 1d9452da2b92

Description A denial of service issue arises when uploading an audio file with a very low sample rate, causing the site instance to crash. This occurs due to the localWhisper implementation, where resampling the audio file from 1 Hz to 16000 Hz quickly exceeds available memory, leading to the Docker instance being killed by the instance manager.

Recommendations For version 1d9452da2b92, as a temporary workaround, consider restricting the upload of audio files with very low sample rates to prevent the denial of service issue until a patch is available. Additionally, limiting the resources allocated to the Docker instance or implementing memory limits may help mitigate the risk of the instance being killed by the instance manager.