In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an HTTP POST request to `/api/workspace/:workspace-slug/update`, allowing it to be executed as part of a database query without restrictions. This flaw enables users with a manager role to craft a request that includes nested write operations, effectively allowing them to create new Administrator accounts.
Metrics
Affected Vendors & Products
References
History
Thu, 10 Jul 2025 17:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mintplexlabs
Mintplexlabs anythingllm |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mintplexlabs
Mintplexlabs anythingllm |
|
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-05-20T12:24:51.682Z
Updated: 2024-08-01T20:33:53.198Z
Reserved: 2024-04-26T23:58:39.827Z
Link: CVE-2024-4287

Updated: 2024-08-01T20:33:53.198Z

Status : Analyzed
Published: 2024-05-20T13:15:23.980
Modified: 2025-07-10T17:19:03.897
Link: CVE-2024-4287

No data.