
CVE-2024-8251

Severity: High
SVRS: 52/100
CVSSv3: 5.3/10
EPSS: 0.00108/1

CVE-2024-8251 allows for Prisma injection in mintplex-labs/anything-llm before 1.2.2. This vulnerability exists within the "/embed/:embedId/stream-chat" API endpoint, enabling attackers to inject malicious JSON. By crafting a specific JSON object, like {"sessionId":{"not":"a"}}, an attacker can bypass security measures. This causes Prisma to return all data from the table, resulting in unauthorized access to all user queries in embedded chat mode. Given an SVRS of 52, while not critical, this CVE still requires monitoring. This vulnerability poses a significant risk of data leakage, making it important to upgrade to version 1.2.2 or apply provided patches.

In The Wild
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2025-03-20
2025-03-20

SOCRadar AI Insight

Description

CVE-2024-8251 is a Prisma injection vulnerability affecting versions prior to 1.2.2 of mintplex-labs/anything-llm. It resides within the "/embed/:embedId/stream-chat" API endpoint, where user-supplied JSON is directly incorporated into Prisma queries without proper sanitization. Attackers can inject malicious JSON payloads to bypass intended access controls, potentially exposing all user queries in embedded chat mode. Although the CVSS score is 5.3 (Medium), the SOCRadar Vulnerability Risk Score (SVRS) is 38, suggesting a lower, though still present, risk level. The vulnerability is actively exploited by hackers.

Key Insights

  • Prisma Injection Vulnerability: The core issue is a Prisma injection vulnerability, meaning an attacker can manipulate database queries using specially crafted input. This bypasses normal access controls and exposes sensitive data.
  • Unauthorized Data Access: Successful exploitation allows unauthorized access to all user queries within embedded chat, severely compromising data confidentiality.
  • API Endpoint Weakness: The "/embed/:embedId/stream-chat" API endpoint is the specific attack vector, highlighting a flaw in input validation within this component.
  • Vulnerability is in the Wild: The tag “In The Wild” indicates that this vulnerability is actively being exploited, increasing the urgency of remediation.

Mitigation Strategies

  • Upgrade Anything-LLM: Immediately upgrade to version 1.2.2 or later of mintplex-labs/anything-llm to patch the vulnerability. This is the primary and most effective mitigation.
  • Input Sanitization: Implement strict input sanitization and validation on the "/embed/:embedId/stream-chat" API endpoint. Ensure all user-supplied JSON data is properly validated and neutralized to prevent injection attacks.
  • Principle of Least Privilege: Review and enforce the principle of least privilege for database access. Limit the permissions of the Prisma user account to only what is necessary for its function, minimizing the potential impact of a successful injection attack.
  • Web Application Firewall (WAF): Deploy or configure a Web Application Firewall (WAF) to detect and block malicious requests targeting the vulnerable API endpoint. WAF rules can be created to identify and filter out known injection patterns.
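The "Input Sanitization" item above is the check that closes this class of bug: the request field that ends up in a Prisma `where` clause must be a primitive string, not an object that Prisma will read as a filter operator. The following is an added example, not anything-llm's code and not from the patch linked below; the model name `embed_chats`, the column `session_id`, the sessionId format policy and the in-memory rows are all hypothetical stand-ins so the block runs offline. It places the unsafe builder beside a hardened one and evaluates both against a small filter evaluator that mimics Prisma's `equals`/`not` semantics, including Prisma's rule that an `undefined` filter field is ignored (which is why a missing `sessionId` also returns every row in the unsafe form).

```javascript
// Added example: validating a JSON body field before it becomes a Prisma filter.
// Not anything-llm's code; model/column names and sample rows are constructed.

// Constructed policy for what a legitimate session id looks like.
const SESSION_ID_RE = /^[A-Za-z0-9_-]{1,128}$/;

class ValidationError extends Error {}

// Vulnerable pattern: the parsed JSON value is spliced into the filter untouched,
// so {"sessionId":{"not":"a"}} turns into the operator { session_id: { not: "a" } }.
function buildWhereUnsafe(body) {
  return { session_id: body.sessionId };
}

// Hardened pattern: only a primitive string with the expected shape is accepted.
// Objects, arrays, numbers, null and a missing field are all rejected up front,
// and the value is wrapped in an explicit `equals` so it can never be an operator.
function buildWhereSafe(body) {
  const id = body == null ? undefined : body.sessionId;
  if (typeof id !== "string" || !SESSION_ID_RE.test(id)) {
    throw new ValidationError("sessionId must be a string of 1-128 [A-Za-z0-9_-]");
  }
  return { session_id: { equals: id } };
}

// Constructed stand-in for the embed_chats table (hypothetical model).
const EMBED_CHATS = [
  { session_id: "sess-1", prompt: "first question" },
  { session_id: "sess-2", prompt: "second question" },
  { session_id: "sess-3", prompt: "third question" },
];

// Minimal evaluator for the Prisma string-filter forms used here:
// plain string -> equality, { equals } -> equality, { not } -> inequality,
// undefined -> field is ignored (Prisma drops undefined filter keys).
function matches(row, where) {
  for (const [field, cond] of Object.entries(where)) {
    if (cond === undefined) continue;
    if (typeof cond === "string") {
      if (row[field] !== cond) return false;
    } else if (cond && typeof cond === "object") {
      if ("equals" in cond && row[field] !== cond.equals) return false;
      if ("not" in cond && row[field] === cond.not) return false;
    } else {
      return false;
    }
  }
  return true;
}

// Stand-in for prisma.embed_chats.findMany({ where }).
function findMany(where) {
  return EMBED_CHATS.filter((row) => matches(row, where));
}

// Decides, for a parsed request body, whether the hardened endpoint would
// proceed to the query or refuse the request.
function classifyRequest(body) {
  try {
    buildWhereSafe(body);
    return "accepted";
  } catch (err) {
    if (err instanceof ValidationError) return "rejected";
    throw err;
  }
}

// Stand-alone demonstration: the operator-shaped value leaks every row through the
// unsafe builder, while the hardened builder refuses it before any query is built.
const operatorBody = { sessionId: { not: "a" } };
console.log("unsafe rows returned:", findMany(buildWhereUnsafe(operatorBody)).length);
console.log("unsafe rows with no sessionId:", findMany(buildWhereUnsafe({})).length);
console.log("hardened verdict:", classifyRequest(operatorBody));
console.log("hardened rows for sess-1:", findMany(buildWhereSafe({ sessionId: "sess-1" })).length);
```

The same idea applies to any field that is forwarded into a Prisma filter: validate the type and shape at the request boundary (a schema validator such as zod or Joi does the same job declaratively), and wrap the value in an explicit comparison operator rather than passing it bare. Logging the `ValidationError` with the offending field name also gives a cheap detection signal for requests probing this endpoint.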

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-8251 | mintplex-labs anything-llm up to 1.2.1 API Endpoint stream-chat information disclosure (vuldb.com, 2025-03-20)
A vulnerability was found in mintplex-labs anything-llm up to 1.2.1. It has been classified as problematic. This affects an unknown part of the file /embed/:embedId/stream-chat of the component API Endpoint. The manipulation leads to information disclosure. This vulnerability is uniquely identified as

Social Media

CVE-2024-8251 A vulnerability in mintplex-labs/anything-llm prior to version 1.2.2 allows for Prisma injection. The issue exists in the API endpoint "/embed/:embedId/stream-chat" whe… https://t.co/5WygVPnfRd

Affected Software

No affected software found for this CVE

References

Reference | Link
SECURITY@HUNTR.DEV | https://github.com/mintplex-labs/anything-llm/commit/334fd9cdd02ad4aa6a3c9bdfc95e7764651c13f4
SECURITY@HUNTR.DEV | https://huntr.com/bounties/7c263ef1-7d50-475a-9425-b15df4e0403c

CWE Details

CWE ID | CWE Name | Description
CWE-20 | Improper Input Validation | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
