PT-2025-12225 · Mintplex · Anything-Llm

Published 2025-03-20 · Updated 2025-07-15 · CVE-2024-8248

CVSS v3.1: 7.2 High

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

mintplex-labs/anything-llm versions prior to 1.2.2

Description

A vulnerability in the normalizePath function allows for path traversal, leading to arbitrary file read and write in the storage directory. This can result in privilege escalation from manager to admin.

Recommendations

For versions prior to 1.2.2, update to version 1.2.2 to resolve the issue. As a temporary workaround, consider restricting access to the normalizePath function to minimize the risk of exploitation.

Exploit

Fix

LPE

Weakness Enumeration

Related Identifiers

CVE-2024-8248

Affected Products

Anything-Llm