{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11173", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-11-12T21:35:47.606Z", "datePublished": "2025-03-20T10:10:33.944Z", "dateUpdated": "2025-03-20T18:19:53.277Z"}, "containers": {"cna": {"title": "Unhandled Exception in danny-avila/librechat", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-03-20T10:10:33.944Z"}, "descriptions": [{"lang": "en", "value": "An unhandled exception in the danny-avila/librechat repository, version git 600d217, can cause the server to crash, leading to a full denial of service. This issue occurs when certain API endpoints receive malformed input, resulting in an uncaught exception. Although a valid JWT is required to exploit this vulnerability, LibreChat allows open registration, enabling unauthenticated attackers to create an account and perform the attack. The issue is fixed in version 0.7.6."}], "affected": [{"vendor": "danny-avila", "product": "danny-avila/librechat", "versions": [{"version": "unspecified", "lessThan": "0.7.6", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/4cebf926-c17f-4836-868b-e1de86221cec"}, {"url": "https://github.com/danny-avila/librechat/commit/95a212534f1c5991bd1231a34ac3668b4b592cc3"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-248 Uncaught Exception", "cweId": "CWE-248"}]}], "source": {"advisory": "4cebf926-c17f-4836-868b-e1de86221cec", "discovery": "EXTERNAL"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-20T17:48:18.888998Z", "id": "CVE-2024-11173", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T18:19:53.277Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-11173", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-20T17:48:18.888998Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T17:48:20.352Z"}}], "cna": {"title": "Unhandled Exception in danny-avila/librechat", "source": {"advisory": "4cebf926-c17f-4836-868b-e1de86221cec", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "danny-avila", "product": "danny-avila/librechat", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "0.7.6", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/4cebf926-c17f-4836-868b-e1de86221cec"}, {"url": "https://github.com/danny-avila/librechat/commit/95a212534f1c5991bd1231a34ac3668b4b592cc3"}], "descriptions": [{"lang": "en", "value": "An unhandled exception in the danny-avila/librechat repository, version git 600d217, can cause the server to crash, leading to a full denial of service. This issue occurs when certain API endpoints receive malformed input, resulting in an uncaught exception. Although a valid JWT is required to exploit this vulnerability, LibreChat allows open registration, enabling unauthenticated attackers to create an account and perform the attack. The issue is fixed in version 0.7.6."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-248", "description": "CWE-248 Uncaught Exception"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-03-20T10:10:33.944Z"}}}, "cveMetadata": {"cveId": "CVE-2024-11173", "state": "PUBLISHED", "dateUpdated": "2025-03-20T18:19:53.277Z", "dateReserved": "2024-11-12T21:35:47.606Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2025-03-20T10:10:33.944Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:librechat:librechat:*:*:*:*:*:*:*:*", "matchCriteriaId": "E179B3DF-58FF-4973-9462-0DACCC77DC7A", "versionEndExcluding": "0.7.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An unhandled exception in the danny-avila/librechat repository, version git 600d217, can cause the server to crash, leading to a full denial of service. This issue occurs when certain API endpoints receive malformed input, resulting in an uncaught exception. Although a valid JWT is required to exploit this vulnerability, LibreChat allows open registration, enabling unauthenticated attackers to create an account and perform the attack. The issue is fixed in version 0.7.6."}, {"lang": "es", "value": "Una excepci\u00f3n no controlada en el repositorio danny-avila/librechat, versi\u00f3n git 600d217, puede provocar un fallo del servidor, lo que resulta en una denegaci\u00f3n de servicio total. Este problema ocurre cuando ciertos endpoints de la API reciben una entrada mal formada, lo que resulta en una excepci\u00f3n no detectada. Aunque se requiere un JWT v\u00e1lido para explotar esta vulnerabilidad, LibreChat permite el registro abierto, lo que permite a atacantes no autenticados crear una cuenta y ejecutar el ataque. El problema est\u00e1 corregido en la versi\u00f3n 0.7.6."}], "id": "CVE-2024-11173", "lastModified": "2025-07-15T16:03:30.350", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2025-03-20T10:15:24.663", "references": [{"source": "security@huntr.dev", "tags": ["Patch"], "url": "https://github.com/danny-avila/librechat/commit/95a212534f1c5991bd1231a34ac3668b4b592cc3"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/4cebf926-c17f-4836-868b-e1de86221cec"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-248"}], "source": "security@huntr.dev", "type": "Primary"}]}

{}

{}