CVE-2024-0440
Published 2024-02-26
Priority P339 · medium · 6.5 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.64% (45.9th percentile)
An attacker with permission to submit a link, or who submits a link via POST to be collected, can use a link with the file:// protocol to introspect host files and other relatively stored files.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chrome_chrome | — | — | |
| mintplex-labs | mintplex-labs_anything-llm | >= unspecified < 1.0.0 | 1.0.0 |
CVSS provenance
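| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v3.0 | 9.6 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N |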
GHSA
GHSA-72wm-hh56-9gp6
ghsa_unreviewed·2024-02-26
CVE-2024-0440 [CRITICAL] CWE-918
Chrome
Stable Channel Update for Desktop: CVE-2025-0440
vendor_chrome·2025-01-14·CVSS 6.5
CVE-2025-0440 [MEDIUM] Stable Channel Update for Desktop: CVE-2025-0440
CVE-2025-0440: Inappropriate implementation in Fullscreen. Reported by Umar Farooq on 2023-07-22
[$2000][368628042] Medium CVE-2025-0441: Inappropriate implementation in Fenced Frames. Reported by someoneverycurious on 2024-09-21
[$2000][40940854] Medium CVE-2025-0442: Inappropriate implementation in Payments
Severity: medium
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/mintplex-labs/anything-llm/commit/1563a1b20f72846d617a88510970d0426ab880d3
https://huntr.com/bounties/263fd7eb-f9a9-4578-9655-0e28c609272f