Description

A vulnerability in danny-avila/librechat version git 81f2936 allows for path traversal due to improper sanitization of file paths by the multer middleware. This can lead to arbitrary file write and potentially remote code execution. The issue is fixed in version 0.7.6.

INFO

Published Date :

2025-03-20T10:08:59.584Z

Last Modified :

2025-03-20T18:59:47.731Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-11170 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-11170.

URL Resource
https://github.com/danny-avila/librechat/commit/629be5c0ca2b332178524b4e3f6fac715aea8cc4 cve-icon cve-icon
https://huntr.com/bounties/b64156c2-5380-4d4d-af30-b2938dcdd46e cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact