漏洞标题
"mintplex-labs/anything-llm 中的不受控制的资源消耗"
漏洞描述信息
"mintplex-labs/anything-llm" 受其上传文件端点中无法控制的资源消耗漏洞影响,导致拒绝服务(DoS)状况。具体来说,发送无效上传请求可以使服务器关闭。如果攻击者有能力上传文件,可以通过操纵上传请求来利用此漏洞导致 DoS 状况。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
漏洞类别
未加控制的资源消耗(资源穷尽)
漏洞标题
Uncontrolled Resource Consumption in mintplex-labs/anything-llm
漏洞描述信息
mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DOS) condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents can exploit this vulnerability to cause a DOS condition by manipulating the upload request.
CVSS信息
N/A
漏洞类别
未加控制的资源消耗(资源穷尽)
漏洞标题
AnythingLLM 资源管理错误漏洞
漏洞描述信息
AnythingLLM是符合业务要求的文档聊天机器人。 AnythingLLM 存在资源管理错误漏洞,该漏洞源于通过大量上传无效文件可以导致拒绝服务。
CVSS信息
N/A
漏洞类别
资源管理错误