CVE-2024-3104
Published: 06 June 2024
Summary
CVE-2024-3104 is a critical-severity OS Command Injection (CWE-78) vulnerability in Mintplexlabs Anythingllm. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 8.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Supply Chain and Deployment risk domain; MITRE ATLAS techniques in scope: Hardware (AML.T0010.000), Infer Training Data Membership (AML.T0024.000), Financial Harm (AML.T0048.000).
Deeper analysis
A remote code execution vulnerability exists in mintplex-labs/anything-llm stemming from improper handling of environment variables through the POST /api/system/update-env endpoint. The flaw, present in versions up to the commit fde905aac1812b84066ff72e5f2f90b56d4c3a59 and classified under CWE-78, permits injection of arbitrary variables that result in code execution on the underlying host. It carries a CVSS 3.1 score of 9.8 and was addressed in release 1.0.0.
Unauthenticated remote attackers can exploit the endpoint to supply malicious environment variables, achieving arbitrary code execution with the privileges of the service account. Successful attacks enable reading or modifying accessible data and can produce denial-of-service conditions on the host.
Public references point to the fixing commit bfedfebfab032e6f4d5a369c8a2f947c5d0c5286 and the associated huntr.com disclosure, which document the remediation applied to close the injection vector. The EPSS score remains at 0.0658 with no material increase observed since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-31707
Vulnerability details
A remote code execution vulnerability exists in mintplex-labs/anything-llm due to improper handling of environment variables. Attackers can exploit this vulnerability by injecting arbitrary environment variables via the `POST /api/system/update-env` endpoint, which allows for the execution of arbitrary code on the…
more
host running anything-llm. The vulnerability is present in the latest version of anything-llm, with the latest commit identified as fde905aac1812b84066ff72e5f2f90b56d4c3a59. This issue has been fixed in version 1.0.0. Successful exploitation could lead to code execution on the host, enabling attackers to read and modify data accessible to the user running the service, potentially leading to a denial of service.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Enterprise AI Assistants
- Risk Domain
- Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- mintplex-labs/anything-llm is an open-source LLM application for chatting with documents, classified as an Enterprise AI Assistant platform. The vulnerability affects its deployment API.
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables remote code execution by exploiting a public-facing web API endpoint (/api/system/update-env) through improper environment variable handling, directly mapping to T1190: Exploit Public-Facing Application.
MITRE ATLAS TechniquesAI
MITRE ATLAS techniques
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.