A JSON injection vulnerability exists in the `mintplex-labs/anything-llm` application, in the username parameter of the login process at the `/api/request-token` endpoint. The vulnerability arises from improper handling of values and allows attackers to perform brute-force attacks without prior knowledge of the username. Once the password is known, attackers can conduct blind attacks to ascertain the full username, significantly compromising system security.
MITRE Information
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-06-06T18:19:23.450Z
Updated: 2024-06-20T13:57:49.007Z
Reserved: 2024-03-29T18:43:30.670Z
Link: CVE-2024-3102
NVD Information
Status: Awaiting Analysis
Published: 2024-06-06T19:15:59.667
Modified: 2024-06-07T14:56:05.647
Link: CVE-2024-3102