Description

A vulnerability in the mintplex-labs/anything-llm repository, as of commit 5c40419, allows low privilege users to access the sensitive API endpoint "/api/system/custom-models". This access enables them to modify the model's API key and base path, leading to potential API key leakage and denial of service on chats.

INFO

Published Date :

2025-03-20T10:09:27.423Z

Last Modified :

2025-03-20T18:38:52.636Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-10109 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-10109.

URL Resource
https://github.com/mintplex-labs/anything-llm/commit/8d302c3f670c582b09d47e96132c248101447a11 cve-icon cve-icon
https://huntr.com/bounties/ad3c9e76-679d-4775-b203-96947ff73551 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact