{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8249", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-08-27T23:27:51.285Z", "datePublished": "2025-03-20T10:09:41.740Z", "dateUpdated": "2025-03-20T18:36:01.825Z"}, "containers": {"cna": {"title": "Unauthenticated Denial of Service (DoS) in mintplex-labs/anything-llm", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-03-20T10:09:41.740Z"}, "descriptions": [{"lang": "en", "value": "mintplex-labs/anything-llm version git 6dc3642 contains an unauthenticated Denial of Service (DoS) vulnerability in the API for the embeddable chat functionality. An attacker can exploit this vulnerability by sending a malformed JSON payload to the API endpoint, causing a server crash due to an uncaught exception. This issue is fixed in version 1.2.2."}], "affected": [{"vendor": "mintplex-labs", "product": "mintplex-labs/anything-llm", "versions": [{"version": "unspecified", "lessThan": "1.2.2", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/2fb0c93f-5bc1-4212-bdca-292db7c6951f"}, {"url": "https://github.com/mintplex-labs/anything-llm/commit/548da9ade30368289c5beaf0a8ee2ed2b5c1d81c"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-248 Uncaught Exception", "cweId": "CWE-248"}]}], "source": {"advisory": "2fb0c93f-5bc1-4212-bdca-292db7c6951f", "discovery": "EXTERNAL"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-20T17:53:22.627107Z", "id": "CVE-2024-8249", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T18:36:01.825Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8249", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-20T17:53:22.627107Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T17:53:24.071Z"}}], "cna": {"title": "Unauthenticated Denial of Service (DoS) in mintplex-labs/anything-llm", "source": {"advisory": "2fb0c93f-5bc1-4212-bdca-292db7c6951f", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "mintplex-labs", "product": "mintplex-labs/anything-llm", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "1.2.2", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/2fb0c93f-5bc1-4212-bdca-292db7c6951f"}, {"url": "https://github.com/mintplex-labs/anything-llm/commit/548da9ade30368289c5beaf0a8ee2ed2b5c1d81c"}], "descriptions": [{"lang": "en", "value": "mintplex-labs/anything-llm version git 6dc3642 contains an unauthenticated Denial of Service (DoS) vulnerability in the API for the embeddable chat functionality. An attacker can exploit this vulnerability by sending a malformed JSON payload to the API endpoint, causing a server crash due to an uncaught exception. This issue is fixed in version 1.2.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-248", "description": "CWE-248 Uncaught Exception"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-03-20T10:09:41.740Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8249", "state": "PUBLISHED", "dateUpdated": "2025-03-20T18:36:01.825Z", "dateReserved": "2024-08-27T23:27:51.285Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2025-03-20T10:09:41.740Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*", "matchCriteriaId": "49CA730F-D0B7-4FBA-B8ED-A524C40A075D", "versionEndExcluding": "1.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "mintplex-labs/anything-llm version git 6dc3642 contains an unauthenticated Denial of Service (DoS) vulnerability in the API for the embeddable chat functionality. An attacker can exploit this vulnerability by sending a malformed JSON payload to the API endpoint, causing a server crash due to an uncaught exception. This issue is fixed in version 1.2.2."}, {"lang": "es", "value": "La versi\u00f3n git 6dc3642 de mintplex-labs/anything-llm contiene una vulnerabilidad de denegaci\u00f3n de servicio (DoS) no autenticada en la API para la funcionalidad de chat integrable. Un atacante puede explotar esta vulnerabilidad enviando una carga JSON malformada al endpoint de la API, lo que provoca un fallo del servidor debido a una excepci\u00f3n no detectada. Este problema se solucion\u00f3 en la versi\u00f3n 1.2.2."}], "id": "CVE-2024-8249", "lastModified": "2025-07-15T15:17:28.100", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}]}, "published": "2025-03-20T10:15:41.860", "references": [{"source": "security@huntr.dev", "tags": ["Patch"], "url": "https://github.com/mintplex-labs/anything-llm/commit/548da9ade30368289c5beaf0a8ee2ed2b5c1d81c"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/2fb0c93f-5bc1-4212-bdca-292db7c6951f"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-248"}], "source": "security@huntr.dev", "type": "Primary"}]}

{}

{}