VYPR
Unrated severityNVD Advisory· Published Mar 20, 2025· Updated Jul 15, 2025

IDOR in delete attachments in danny-avila/librechat

CVE-2024-10366

Description

An improper access control vulnerability (IDOR) exists in the delete attachments functionality of danny-avila/librechat version v0.7.5-rc2. The endpoint does not verify whether the provided attachment ID belongs to the current user, allowing any authenticated user to delete attachments of other users.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Range: = v0.7.5-rc2
  • danny-avila/danny-avila/librechatv5
    Range: unspecified

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.