How severe is CVE-2024-13059?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2024-13059?

This is classified as CWE-29, which is a common weakness in software security.

CVE-2024-13059 - HIGH Severity | CVSS 7.2

Vulnerability Description

A vulnerability in mintplex-labs/anything-llm prior to version 1.3.1 allows for path traversal due to improper handling of non-ASCII filenames in the multer library. This vulnerability can lead to arbitrary file write, which can subsequently result in remote code execution. The issue arises when the filename transformation introduces '../' sequences, which are not sanitized by multer, allowing attackers with manager or admin roles to write files to arbitrary locations on the server.

Related Vulnerabilities

CVE-2024-21518

HIGH

CVSS:7.2(High)

This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files withi...

CWE-292024

CVE-2024-8248

HIGH

CVSS:7.2(High)

A vulnerability in the normalizePath function in mintplex-labs/anything-llm version git 296f041 allows for path traversal, leading to arbitrary file read and write in the storage directory. This can r...

CWE-292024

CVE-2022-2788

HIGH

CVSS:7.3(High)

Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables atta...

CWE-292022

CVE-2024-6139

HIGH

CVSS:7.3(High)

A path traversal vulnerability exists in the XTTS server of the parisneo/lollms package version v9.6. This vulnerability allows an attacker to write audio files to arbitrary locations on the system an...

CWE-292024

CVE-2024-51534

HIGH

CVSS:7.1(High)

Dell PowerProtect DD versions prior to DDOS 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain a path traversal vulnerability. A local low privileged could potentially exploit this vulnerability to gain unauth...

CWE-292024

CVE-2023-6021

HIGH

CVSS:7.5(High)

LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.any...

CWE-292023