CVE-2024-0763

Any user can delete an arbitrary folder (recursively) on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization.

More information : https://github.com/mintplex-labs/anything-llm/commit/8a7324d0e77a15186e1ad5e5119fca4fb224c39c

Attack vector :
Attack complexity :
Privileges required :
User interaction :
Confidentiality impact :
Integrity impact :
Base score :
Base severity :
Exploitability score :
Impact score :