Home » Database

AVID-2026-R1358

Description

Improper validation of document removal parameter (CVE-2024-0763)

Details

Any user can delete an arbitrary folder (recursively) on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization.

Reason for inclusion in AVID: CVE-2024-0763 describes a path traversal vulnerability in mintplex-labs/anything-llm, enabling an authenticated user to delete arbitrary folders on the remote server. This is a software vulnerability in an AI-related product used in AI workflows (LLM deployment/application). It affects a component that could be part of an AI deployment stack, thus relevant to the software supply chain of general-purpose AI systems. The CVE provides explicit security/vulnerability details (CWE-22, HIGH impact) and references (NVD entry, commit), supporting its classification as a security vulnerability with AI relevance and supply-chain impact.

References

Affected or Relevant Artifacts

  • Developer: mintplex-labs
  • Deployer: mintplex-labs
  • Artifact Details:
TypeName
Systemmintplex-labs/anything-llm

Impact

AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0100: Software Vulnerability
  • Lifecycle stages: L06: Deployment

CVSS

Version3.0
Vector StringCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Base Score8.1
Base Severity🔴 High
Attack VectorNETWORK
Attack Complexity🟢 Low
Privileges Required🟢 Low
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity Impact🔴 High
Availability Impact🔴 High

CWE

IDDescription
CWE-22CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)

Other information

  • Report Type: Advisory
  • Credits:
  • Date Reported: 2024-02-27
  • Version: 0.3.3
  • AVID Entry