Primary

Context

Mintplex Labs Anything-LLM Unauthenticated Denial-of-Service Vulnerability in Chat API

Vulnerability

Patched

A denial-of-service vulnerability has been identified in Mintplex Labs Anything-LLM, specifically in the API for the embeddable chat feature. This issue, present in version git 6dc3642, allows an attacker to cause a server crash by sending a malformed JSON payload to the API endpoint, leading to an uncaught exception. The vulnerability is fixed in version 1.2.2.

Impact

Exploitation of this vulnerability causes a server crash, disrupting service by terminating the server process handling the chat API.

Remediation

Users can upgrade to version 1.2.2 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.3

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.3

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mintplex Labs Anything-LLM Unauthenticated Denial-of-Service Vulnerability in Chat API

Vulnerability

Impact

Remediation

Affected Products

mintplex-labs/anything-llm

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating