CVE-2024-11170
NONE EPSS 73.1%
Published Mar 20, 2025 · Last Modified Jun 17, 2026
Description
A vulnerability in danny-avila/librechat (version git 81f2936) allows path traversal because the multer middleware does not properly sanitize file paths. This can lead to arbitrary file write and potentially remote code execution. The issue is fixed in version 0.7.6.
Threat Intelligence
EPSS Exploit Probability
73.1% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-29
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| librechat | librechat | * | <0.7.6 |
References 2
- github.com https://github.com/danny-avila/librechat/commit/629be5c0ca2b332178524b4e3f6fac715aea8cc4
- huntr.com https://huntr.com/bounties/b64156c2-5380-4d4d-af30-b2938dcdd46e
Remediation
- github.com https://github.com/danny-avila/librechat/commit/629be5c0ca2b332178524b4e3f6fac715aea8cc4