CVE-2024-8249

Name of the Vulnerable Software and Affected Versions mintplex-labs/anything-llm version git 6dc3642 through version prior to 1.2.2

Description The issue is related to an unauthenticated Denial of Service (DoS) vulnerability in the API for the embeddable chat functionality. An attacker can exploit this by sending a malformed JSON payload to the API endpoint, causing a server crash due to an uncaught exception.

Recommendations For versions prior to 1.2.2, update to version 1.2.2 to resolve the issue. As a temporary workaround, consider restricting access to the API endpoint to minimize the risk of exploitation.