CVE-2024-8249
published 2025-03-20

Priority: P3 42 | high 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.64% (46.0th percentile)
mintplex-labs/anything-llm version git 6dc3642 contains an unauthenticated Denial of Service (DoS) vulnerability in the API for the embeddable chat functionality. An attacker can exploit this vulnerability by sending a malformed JSON payload to the API endpoint, causing a server crash due to an uncaught exception. This issue is fixed in version 1.2.2.

Affected (2 ranges)

Vendor | Product | Version range | Fixed in
mintplex-labs | mintplex-labs_anything-llm | >= unspecified < 1.2.2 | 1.2.2
mintplexlabs | anythingllm | < 1.2.2 | 1.2.2