Description

In danny-avila/librechat version git 0c2a583, there is an improper input validation vulnerability. The application uses multer middleware for handling multipart file uploads. When using in-memory storage (the default setting for multer), there is no limit on the upload file size. This can lead to a server crash due to out-of-memory errors when handling large files. An attacker without any privileges can exploit this vulnerability to cause a complete denial of service. The issue is fixed in version 0.7.6.

INFO

Published Date :

2025-03-20T10:10:18.684Z

Last Modified :

2025-10-15T12:49:28.195Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-11171 vulnerability.

Vendors Products
Librechat
  • Librechat
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-11171.

URL Resource
https://github.com/danny-avila/librechat/commit/bb58a2d0662ef86dc75a9d2f6560125c018e3836 cve-icon cve-icon
https://huntr.com/bounties/91717a5a-d653-4e35-b186-9e8d00aa4285 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact