Librechat
by Librechat
CVEs (43)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-11170 | | | 0.00 | — | 0.02 | | Mar 20, 2025 | A vulnerability in danny-avila/librechat version git 81f2936 allows for path traversal due to improper sanitization of file paths by the multer middleware. This can lead to arbitrary file write and potentially remote code execution. The issue is fixed in version 0.7.6. |
| CVE-2024-41703 | | | 0.00 | — | 0.00 | | Jul 22, 2024 | LibreChat through 0.7.4-rc1 has incorrect access control for message updates. |
| CVE-2024-41704 | | | 0.00 | — | 0.01 | | Jul 22, 2024 | LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. |