CVE-2024-41703
published 2024-07-22CVE-2024-41703: LibreChat through 0.7.4-rc1 has incorrect access control for message updates.
PriorityP346critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.35%
27.2th percentile
LibreChat through 0.7.4-rc1 has incorrect access control for message updates.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| danny-avila | librechat | < 0.8.4-rc1 | 0.8.4-rc1 |
| librechat | librechat | <= 0.7.3 | — |
| librechat | librechat | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/danny-avila/LibreChat/discussions/3315#discussioncomment-10074284https://github.com/danny-avila/LibreChat/pull/3363https://github.com/realestate-com-au/vulnerability-disclosures/blob/main/LibreChat/CVE-2024-41703.mdhttps://github.com/danny-avila/LibreChat/discussions/3315#discussioncomment-10074284https://github.com/danny-avila/LibreChat/pull/3363
2024-07-22
Published