{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T10:14:30.423","vulnerabilities":[{"cve":{"id":"CVE-2024-0436","sourceIdentifier":"security@huntr.dev","published":"2024-02-26T16:27:50.283","lastModified":"2025-03-27T11:15:35.710","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the `!==` used for comparison.\n\nThe risk is minified by the additional overhead of the request, which varies in a non-constant nature making the attack less reliable to execute"},{"lang":"es","value":"En teoría, sería posible que un atacante aplicara fuerza bruta a la contraseña de una instancia en modo de protección de contraseña de usuario único mediante un ataque de sincronización dada la naturaleza lineal del `!==` usado para la comparación. El riesgo se minimiza por la sobrecarga adicional de la solicitud, que varía de forma no constante, lo que hace que el ataque sea menos confiable de ejecutar."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.2}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-203"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-203"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*","versionEndExcluding":"1.0.0","matchCriteriaId":"0D667E32-5A5C-479C-BB81-47F3BCA38C13"}]}]}],"references":[{"url":"https://github.com/mintplex-labs/anything-llm/commit/3c859ba3038121b67fb98e87dc52617fa27cbef0","source":"security@huntr.dev","tags":["Patch"]},{"url":"https://huntr.com/bounties/3e73cb96-c038-46a1-81b7-4d2215b36268","source":"security@huntr.dev","tags":["Third Party Advisory"]},{"url":"https://github.com/mintplex-labs/anything-llm/commit/3c859ba3038121b67fb98e87dc52617fa27cbef0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://huntr.com/bounties/3e73cb96-c038-46a1-81b7-4d2215b36268","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}