Platform
nodejs
Component
anything-llm
Fixed in
1.0.1
CVE-2024-0549 is a path traversal vulnerability discovered in mintplex-labs/anything-llm, a Node.js application. The flaw allows attackers holding only a default-role account to delete files and folders within the application's filesystem. The critical 'anythingllm.db' database is at risk, potentially leading to significant data loss and service unavailability. The vulnerability is fixed in version 1.0.0.
The primary impact of CVE-2024-0549 is the potential for unauthorized deletion of files and folders. Because the vulnerability requires only a default role account, the barrier to exploitation is relatively low. An attacker could leverage this to delete the 'anythingllm.db' database, effectively crippling the application and causing data loss. Further, an attacker could potentially delete other configuration files or application code, leading to a complete system compromise. The blast radius extends to any data stored within the application's database and any services dependent on the application's functionality.
CVE-2024-0549 was publicly disclosed on April 16, 2024. There is currently no indication of active exploitation campaigns. The vulnerability is not listed on the CISA KEV catalog. Public proof-of-concept exploits are not yet widely available, but the ease of exploitation suggests they may emerge. The vulnerability's reliance on a default role account makes it a potential target for opportunistic attackers.
Organizations deploying Anything LLM with default role accounts are at immediate risk. Shared hosting environments where multiple users share the same application instance are particularly vulnerable, as an attacker could potentially compromise the entire environment. Legacy configurations that haven't been updated to the latest security patches are also at increased risk.
• nodejs / server:
ps aux | grep anything-llm
find / -name 'anythingllm.db' 2>/dev/null
• generic web:
curl -I http://<your-anything-llm-server>/delete?path=../etc/passwd
• generic web:
grep -r "../" /var/log/apache2/access.log
Disclosure
Exploit status
EPSS
0.25% (48th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-0549 is to upgrade to version 1.0.0 of Anything LLM. If upgrading immediately is not feasible, restrict access to the application's file deletion endpoints. Implement robust input validation and normalization on all file and folder paths to prevent traversal attempts. Consider using a Web Application Firewall (WAF) with rules to block requests containing path traversal patterns (e.g., '../'). After upgrading, confirm the fix by attempting a file deletion request with a malicious path (e.g., '/../etc/passwd') and verifying that the request is denied.
Update Anything LLM to version 1.0.0 or later. This version contains a fix for the path traversal vulnerability. The update will prevent unauthorized users from deleting critical files and folders.
CVE-2024-0549 is a path traversal vulnerability affecting Anything LLM versions up to 1.0.0, allowing attackers with default-role accounts to delete files.
Yes, if you are using Anything LLM version 1.0.0 or earlier, you are vulnerable to this path traversal attack.
Upgrade to version 1.0.0 of Anything LLM. As a temporary workaround, restrict access to file deletion endpoints and implement robust input validation.
There is currently no confirmed evidence of active exploitation, but the vulnerability's ease of exploitation suggests it may become a target.
Refer to the mintplex-labs/anything-llm repository on GitHub for updates and advisories related to CVE-2024-0549.