Cyber Resilience

CVE-2024-3104

Critical · Public PoC · RCE

Published: 06 June 2024
Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0658 (91.4th percentile)
Risk Priority: 24 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-3104 is a critical-severity OS Command Injection (CWE-78) vulnerability in Mintplexlabs Anythingllm. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 8.6% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

This vulnerability is AI-related: it is categorised as Enterprise AI Assistants, in the Supply Chain and Deployment risk domain. MITRE ATLAS techniques in scope: Hardware (AML.T0010.000), Infer Training Data Membership (AML.T0024.000), Financial Harm (AML.T0048.000).

Deeper analysis

A remote code execution vulnerability exists in mintplex-labs/anything-llm stemming from improper handling of environment variables through the POST /api/system/update-env endpoint. The flaw, present in versions up to the commit fde905aac1812b84066ff72e5f2f90b56d4c3a59 and classified under CWE-78, permits injection of arbitrary variables that result in code execution on the underlying host. It carries a CVSS 3.1 score of 9.8 and was addressed in release 1.0.0.

Unauthenticated remote attackers can exploit the endpoint to supply malicious environment variables, achieving arbitrary code execution with the privileges of the service account. Successful attacks enable reading or modifying accessible data and can produce denial-of-service conditions on the host.

Public references point to the fixing commit bfedfebfab032e6f4d5a369c8a2f947c5d0c5286 and the associated huntr.com disclosure, which document the remediation applied to close the injection vector. The EPSS score remains at 0.0658 with no material increase observed since disclosure.

Vulnerability details

A remote code execution vulnerability exists in mintplex-labs/anything-llm due to improper handling of environment variables. Attackers can exploit this vulnerability by injecting arbitrary environment variables via the `POST /api/system/update-env` endpoint, which allows for the execution of arbitrary code on the host running anything-llm. The vulnerability is present in the latest version of anything-llm, with the latest commit identified as fde905aac1812b84066ff72e5f2f90b56d4c3a59. This issue has been fixed in version 1.0.0. Successful exploitation could lead to code execution on the host, enabling attackers to read and modify data accessible to the user running the service, potentially leading to a denial of service.

AI Security Analysis (AI)

AI Category: Enterprise AI Assistants
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: mintplex-labs/anything-llm is an open-source LLM application for chatting with documents, classified as an Enterprise AI Assistant platform. The vulnerability affects its deployment API.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability enables remote code execution by exploiting a public-facing web API endpoint (/api/system/update-env) through improper environment variable handling, directly mapping to T1190: Exploit Public-Facing Application.

MITRE ATLAS Techniques (AI)

AML.T0010.000: Hardware
AML.T0024.000: Infer Training Data Membership
AML.T0048.000: Financial Harm

Affected Assets

mintplexlabs · anythingllm · ≤ 1.0.0

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-78

Platform-independent apps typically execute inside a managed runtime or sandbox that restricts direct OS command execution, reducing the ability to exploit OS command injection.

addresses: CWE-78

Validates inputs to block special elements that would alter OS command execution.
