Vulnerability title
Unauthenticated denial of service (DoS) attack affecting AnythingLLM
Vulnerability description
AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as a reference during chatting. In versions prior to commit `08d33cfd8`, an unauthenticated API route (file export) allows an attacker to crash the server, resulting in a denial of service. The "data-export" endpoint exports a file named by the `filename` parameter. The endpoint takes the user input, filters out directory traversal sequences, fetches the file from the server, and then deletes it. An attacker can trick the input filter into pointing at the current directory, and when the server attempts to delete that directory it crashes, because there is no error-handling wrapper around the deletion. Moreover, the endpoint is public and requires no form of authentication, resulting in an unauthenticated denial-of-service issue in which a single HTTP request crashes the instance. This issue has been addressed in commit `08d33cfd8`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability category
Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)
Vulnerability title
Unauthenticated Denial of Service (DoS) attack in AnythingLLM
Vulnerability description
AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit `08d33cfd8` an unauthenticated API route (file export) can allow an attacker to crash the server, resulting in a denial of service attack. The "data-export" endpoint is used to export files, taking the filename parameter as user input. The endpoint takes the user input, filters it to avoid directory traversal attacks, fetches the file from the server, and afterwards deletes it. An attacker can trick the input filter mechanism into pointing to the current directory, and while attempting to delete it the server will crash, as there is no error-handling wrapper around the deletion. Moreover, the endpoint is public and does not require any form of authentication, resulting in an unauthenticated denial of service issue that crashes the instance with a single HTTP request. This issue has been addressed in commit `08d33cfd8`. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability category
Improper Check for Unusual or Exceptional Conditions
Vulnerability title
AnythingLLM code issue vulnerability
Vulnerability description
AnythingLLM is a document chatbot for business use. AnythingLLM contains a code issue vulnerability in versions before commit `08d33cfd8`. An attacker can exploit this vulnerability to crash the server, resulting in a denial of service.
CVSS information
N/A
Vulnerability category
Code issue