CVE-2024-11170
published 2025-03-20

Priority: P2, 60
Severity: high
CVSS 3.0 score: 8.8
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.62% (73.1th percentile)

A vulnerability in danny-avila/librechat version git 81f2936 allows for path traversal due to improper sanitization of file paths by the multer middleware. This can lead to arbitrary file write and potentially remote code execution. The issue is fixed in version 0.7.6.

Affected (2 ranges)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| danny-avila | danny-avila_librechat | >= unspecified < 0.7.6 | 0.7.6 |
| librechat | librechat | < 0.7.6 | 0.7.6 |