{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-23T01:49:38.489","vulnerabilities":[{"cve":{"id":"CVE-2024-8248","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:41.737","lastModified":"2025-07-15T15:16:11.277","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in the normalizePath function in mintplex-labs/anything-llm version git 296f041 allows for path traversal, leading to arbitrary file read and write in the storage directory. This can result in privilege escalation from manager to admin. The issue is fixed in version 1.2.2."},{"lang":"es","value":"Una vulnerabilidad en la función normalizePath de mintplex-labs/anything-llm, versión git 296f041, permite path traversal, lo que provoca la lectura y escritura arbitraria de archivos en el directorio de almacenamiento. Esto puede provocar una escalada de privilegios de administrador a administrador. El problema se solucionó en la versión 1.2.2."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-29"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.2","matchCriteriaId":"49CA730F-D0B7-4FBA-B8ED-A524C40A075D"}]}]}],"references":[{"url":"https://github.com/mintplex-labs/anything-llm/commit/47a5c7126c20e2277ee56e2c7ee11990886a40a7","source":"security@huntr.dev","tags":["Patch"]},{"url":"https://huntr.com/bounties/7d6c3b7a-1116-450d-b539-9c911a97537e","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]}]}}]}