CVE-2024-11170

HIGH Year: 2024
CVSS v3 Score
8.8
High
Weakness Type
CWE-29
View all →

Vulnerability Description

A vulnerability in danny-avila/librechat version git 81f2936 allows for path traversal due to improper sanitization of file paths by the multer middleware. This can lead to arbitrary file write and potentially remote code execution. The issue is fixed in version 0.7.6.

Related Vulnerabilities

CVE-2024-12389

HIGH
CVSS:8.8(High)

A path traversal vulnerability exists in binary-husky/gpt_academic version git 310122f. The application supports the extraction of user-provided 7z files without proper validation. The Python py7zr pa...

CWE-292024

CVE-2023-6023

HIGH
CVSS:8.6(High)

An attacker can read any file on the filesystem on the server hosting ModelDB through an LFI in the artifact_path URL parameter.

CWE-292023

CVE-2024-21542

HIGH
CVSS:8.6(High)

Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive fu...

CWE-292024

CVE-2024-34470

HIGH
CVSS:8.6(High)

An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filt...

CWE-292024

CVE-2024-5211

CRITICAL
CVSS:9.1(Critical)

A path traversal vulnerability in mintplex-labs/anything-llm allowed a manager to bypass the `normalizePath()` function, intended to defend against path traversal attacks. This vulnerability enables t...

CWE-292024

CVE-2024-5926

CRITICAL
CVSS:9.1(Critical)

A path traversal vulnerability in the get-project-files functionality of stitionai/devika allows attackers to read arbitrary files from the filesystem and cause a Denial of Service (DoS). This issue i...

CWE-292024