{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11169", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-11-12T21:32:01.018Z", "datePublished": "2025-03-20T10:09:59.233Z", "dateUpdated": "2025-03-20T18:32:06.181Z"}, "containers": {"cna": {"title": "Unhandled Exception Leading to Server Crash in danny-avila/librechat", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-03-20T10:09:59.233Z"}, "descriptions": [{"lang": "en", "value": "An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. The issue occurs when the fs module throws an exception while handling file uploads. An unauthenticated user can trigger this exception by sending a specially crafted request, causing the server to crash. The vulnerability is fixed in version 0.7.6."}], "affected": [{"vendor": "danny-avila", "product": "danny-avila/librechat", "versions": [{"version": "unspecified", "lessThan": "0.7.6", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/754e1649-5612-4ba9-a533-06b46de5c4b5"}, {"url": "https://github.com/danny-avila/librechat/commit/629be5c0ca2b332178524b4e3f6fac715aea8cc4"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-115 Misinterpretation of Input", "cweId": "CWE-115"}]}], "source": {"advisory": "754e1649-5612-4ba9-a533-06b46de5c4b5", "discovery": "EXTERNAL"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-20T17:52:30.415341Z", "id": "CVE-2024-11169", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T18:32:06.181Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-11169", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-20T17:52:30.415341Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T17:52:32.210Z"}}], "cna": {"title": "Unhandled Exception Leading to Server Crash in danny-avila/librechat", "source": {"advisory": "754e1649-5612-4ba9-a533-06b46de5c4b5", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "danny-avila", "product": "danny-avila/librechat", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "0.7.6", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/754e1649-5612-4ba9-a533-06b46de5c4b5"}, {"url": "https://github.com/danny-avila/librechat/commit/629be5c0ca2b332178524b4e3f6fac715aea8cc4"}], "descriptions": [{"lang": "en", "value": "An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. The issue occurs when the fs module throws an exception while handling file uploads. An unauthenticated user can trigger this exception by sending a specially crafted request, causing the server to crash. The vulnerability is fixed in version 0.7.6."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-115", "description": "CWE-115 Misinterpretation of Input"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-03-20T10:09:59.233Z"}}}, "cveMetadata": {"cveId": "CVE-2024-11169", "state": "PUBLISHED", "dateUpdated": "2025-03-20T18:32:06.181Z", "dateReserved": "2024-11-12T21:32:01.018Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2025-03-20T10:09:59.233Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:librechat:librechat:*:*:*:*:*:*:*:*", "matchCriteriaId": "E179B3DF-58FF-4973-9462-0DACCC77DC7A", "versionEndExcluding": "0.7.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. The issue occurs when the fs module throws an exception while handling file uploads. An unauthenticated user can trigger this exception by sending a specially crafted request, causing the server to crash. The vulnerability is fixed in version 0.7.6."}, {"lang": "es", "value": "Una excepci\u00f3n no controlada en la versi\u00f3n 3c94ff2 de danny-avila/librechat puede provocar un fallo del servidor. El problema ocurre cuando el m\u00f3dulo fs lanza una excepci\u00f3n al gestionar la carga de archivos. Un usuario no autenticado puede activar esta excepci\u00f3n enviando una solicitud especialmente manipulada, lo que provoca el fallo del servidor. La vulnerabilidad est\u00e1 corregida en la versi\u00f3n 0.7.6."}], "id": "CVE-2024-11169", "lastModified": "2025-07-15T16:45:29.420", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-03-20T10:15:24.210", "references": [{"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/danny-avila/librechat/commit/629be5c0ca2b332178524b4e3f6fac715aea8cc4"}, {"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/754e1649-5612-4ba9-a533-06b46de5c4b5"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-115"}], "source": "[email protected]", "type": "Primary"}]}

{}