Skip to main content

Breaking cybersecurity news

Vulnerability database

EU vulnerability data

Hands-on web security training

Security incidents database

Knowledge library

Analytics & trends

Follow us

Professional cybersecurity intelligence

Breaking cybersecurity news

Vulnerability database

EU vulnerability data

Hands-on web security training

Security incidents database

Knowledge library

Analytics & trends

Follow us

About Sources Sponsored Articles Status Legal Terms

v2.3.3•© 2026

Telegram Bluesky GitHub Contact

Return to CVE list

CVE-2024-0440

CVE-2024-0440

6.5

Medium

Published:26 Feb 2024

Last updated:17 Jun 2026

Source:security@huntr.dev

Analyzed

Weakness (CWE)

CWE-918Server-Side Request Forgery (SSRF)

CVSS Vector

v3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

View on MITRE Find PoC on GitHub

Description

Attacker, with permission to submit a link or submits a link via POST to be collected that is using the file:// protocol can then introspect host files and other relatively stored files.

References

security@huntr.dev

https://github.com/mintplex-labs/anything-llm/commit/1563a1b20f72846d617a88510970d0426ab880d3

security@huntr.dev

https://huntr.com/bounties/263fd7eb-f9a9-4578-9655-0e28c609272f

af854a3a-2127-422b-91ae-364da2661108

https://github.com/mintplex-labs/anything-llm/commit/1563a1b20f72846d617a88510970d0426ab880d3

af854a3a-2127-422b-91ae-364da2661108

https://huntr.com/bounties/263fd7eb-f9a9-4578-9655-0e28c609272f