Unrated severityNVD Advisory· Published Jun 6, 2024· Updated Nov 3, 2024
JSON Injection in mintplex-labs/anything-llm
CVE-2024-3102
Description
A JSON Injection vulnerability exists in the mintplex-labs/anything-llm application, specifically within the username parameter during the login process at the /api/request-token endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks without prior knowledge of the username. Once the password is known, attackers can conduct blind attacks to ascertain the full username, significantly compromising system security.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- mintplex-labs/mintplex-labs/anything-llmv5Range: unspecified
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.