CVE-2024-6854
Description: In h2oai/h2o-3 version 3.46.0, the endpoint for exporting models does not restrict the export location, allowing an attacker to export a model to any file in the server's file structure, thereby overwriting it. This vulnerability can be exploited to overwrite any file on the target server with a trained model file, although the content of the overwrite is not controllable by the attacker.
CVSS: HIGH (7.1) EPSS Score: 0.06%
March 20th, 2025
CVE-2024-6851
Description: In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup function in the aim tracking server accepts a user-specified glob pattern for deleting files. The function does not verify that the matched files are within the directory managed by LocalFileManager, allowing a maliciously crafted glob pattern to lead to arbitrary file deletion.
CVSS: HIGH (7.5) EPSS Score: 0.16%
March 20th, 2025
CVE-2024-6842
Description: In version 1.5.5 of mintplex-labs/anything-llm, the `/setup-complete` API endpoint allows unauthorized users to access sensitive system settings. The data returned by the `currentSettings` function includes sensitive information such as API keys for search engines, which can be exploited by attackers to steal these keys and cause loss of user assets.
CVSS: HIGH (7.5) EPSS Score: 9.61%
March 20th, 2025
CVE-2024-6827
Description: Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length', making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data exposure, session manipulation, SSRF, XSS, DoS, data integrity compromise, security bypass, information leakage, and business logic abuse.
CVSS: HIGH (7.5) EPSS Score: 0.02%
March 20th, 2025
CVE-2024-6825
Description: BerriAI/litellm version 1.40.12 contains a vulnerability that allows remote code execution. The issue exists in the handling of the 'post_call_rules' configuration, where a callback function can be added. The provided value is split at the final '.' mark, with the last part considered the function name and the remaining part appended with the '.py' extension and imported. This allows an attacker to set a system method, such as 'os.system', as a callback, enabling the execution of arbitrary commands when a chat response is processed.
CVSS: HIGH (8.8) EPSS Score: 0.38%
March 20th, 2025
CVE-2024-4990
Description: In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the `__set()` magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors and invoking setter methods. Depending on the installed dependencies, various types of attacks are possible, including the execution of arbitrary code, retrieval of sensitive information, and unauthorized access.
CVSS: HIGH (8.1) EPSS Score: 0.03%
March 20th, 2025
CVE-2024-4023
Description: A stored cross-site scripting (XSS) vulnerability exists in flatpressblog/flatpress version 1.3. When a user uploads a file with a `.xsig` extension and directly accesses this file, the server responds with a Content-type of application/octet-stream, leading to the file being processed as an HTML file. This allows an attacker to execute arbitrary JavaScript code, which can be used to steal user cookies, perform HTTP requests, and access content of the same origin.
CVSS: HIGH (8.1) EPSS Score: 0.05%
March 20th, 2025
CVE-2024-2292
Description: Due to a lack of access control, unauthorized users are able to view and modify information pertaining to other users.
CVSS: HIGH (7.1) EPSS Score: 0.03%
March 20th, 2025
CVE-2024-12911
Description: A vulnerability in the `default_jsonalyzer` function of the `JSONalyzeQueryEngine` in the run-llama/llama_index repository allows for SQL injection via prompt injection. This can lead to arbitrary file creation and Denial-of-Service (DoS) attacks. The vulnerability affects the latest version and is fixed in version 0.5.1.
CVSS: HIGH (7.1) EPSS Score: 0.03%
March 20th, 2025
CVE-2024-12886
Description: An Out-Of-Memory (OOM) vulnerability exists in the `ollama` server version 0.3.14. This vulnerability can be triggered when a malicious API server responds with a gzip bomb HTTP response, leading to the `ollama` server crashing. The vulnerability is present in the `makeRequestWithRetry` and `getAuthorizationToken` functions, which use `io.ReadAll` to read the response body. This can result in excessive memory usage and a Denial of Service (DoS) condition.
CVSS: HIGH (7.5) EPSS Score: 0.06%
March 20th, 2025