CVE-2024-0440 Information

Description

Attacker with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files.

Reference

https://huntr.com/bounties/263fd7eb-f9a9-4578-9655-0e28c609272f https://github.com/mintplex-labs/anything-llm/commit/1563a1b20f72846d617a88510970d0426ab880d3