Unrated severityNVD Advisory· Published Mar 20, 2025· Updated Jul 15, 2025
IDOR in delete attachments in danny-avila/librechat
CVE-2024-10366
Description
An improper access control vulnerability (IDOR) exists in the delete attachments functionality of danny-avila/librechat version v0.7.5-rc2. The endpoint does not verify whether the provided attachment ID belongs to the current user, allowing any authenticated user to delete attachments of other users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- danny-avila/danny-avila/librechatv5Range: unspecified
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.