Platform
nodejs
Component
anything-llm
Fixed in
1.0.1
CVE-2024-3149 is a critical Server-Side Request Forgery (SSRF) vulnerability in Anything LLM versions up to and including 1.0.0; it is fixed in 1.0.1. The flaw is in the upload link feature, available to the manager and admin roles, which hands a user-supplied URL to an internal Collector API that fetches it with a headless browser. Because the submitted URL is not adequately restricted, a user with one of those roles can make the collector send requests to hosts and services the attacker cannot reach directly.
The impact is significant. Using the collector as a proxy, an attacker with manager or admin access can port-scan the internal network and map exposed services, reach internal web applications that are not publicly exposed (including sensitive data and administrative panels), and drive the Collector API itself into unauthorized actions, which the disclosure describes as arbitrary file deletion and limited local file inclusion. The blast radius is every internal resource reachable from the host running the collector.
The vulnerability has been publicly disclosed and is being tracked. No active exploitation campaigns have been confirmed, but the low attack complexity and the impact make it a high-priority fix. The CVSS base score of 9.6 reflects critical severity; note that CVSS rates impact and exploitability conditions, not the likelihood that the flaw will be exploited, which the EPSS figure below estimates separately.
Exploit Status
EPSS
0.13% (33rd percentile)
The primary mitigation for CVE-2024-3149 is to upgrade to Anything LLM 1.0.1 or later, the first release that contains the fix. If an immediate upgrade is not possible: restrict the upload link feature to the smallest set of trusted manager and admin accounts; validate submitted links server-side (allow only http and https, reject loopback, link-local, private and IPv4-mapped IPv6 addresses, and apply the same check to the address the hostname actually resolves to and to every redirect the headless browser follows); and apply egress filtering on the host or container running the Collector API so it can reach only the public Internet, because that network-level control bounds the SSRF even when an input check is bypassed. An inbound WAF rule that rejects submissions naming internal addresses is only a weak supplement, since a hostname that resolves internally or redirects to an internal target passes it. Monitor Collector API logs for requests to internal address ranges. After upgrading, confirm the fix by submitting a link to an internal service as a manager or admin and verifying that the collector refuses it or otherwise handles it safely.
Update Anything LLM to version 1.0.1 or later. This version contains the fix for the SSRF in the upload link feature and removes the attacker's ability to use the collector for internal port scanning, to reach internal web applications that are not exposed externally, or to interact with the Collector API in an unauthorized manner.
CVE-2024-3149 is a critical Server-Side Request Forgery (SSRF) vulnerability in Anything LLM versions up to 1.0.0 that lets an authenticated manager or admin make the Collector API request internal resources and, through it, delete files.
If you run Anything LLM version 1.0.0 or earlier and the upload link feature is available to manager or admin accounts, you are affected.
The recommended fix is to upgrade to version 1.0.1 or later. As a temporary workaround, restrict access to the upload link feature, validate submitted links server-side, and limit the collector's outbound network access.
No active exploitation campaigns have been confirmed and the EPSS estimate is currently low, but the severity and the low attack complexity mean the fix should not be deferred.
Refer to the mintplex-labs GitHub repository for updates and advisories related to CVE-2024-3149: [https://github.com/mintplex-labs/anything-llm](https://github.com/mintplex-labs/anything-llm)