CVE-2024-11170 – A path traversal vulnerability in danny-avila/l... (How to Fix)

Q: What is the severity of CVE-2024-11170?

CVE-2024-11170 has a CVSS score of 8.8 (HIGH). A path traversal vulnerability in danny-avila/librechat allows attackers to write files to arbitrary locations on the server due to improper sanitization in the multer middleware. This can lead to remote code execution by overwriting critical system files. All instances running vulnerable versions of librechat are affected.

📋 TL;DR

A path traversal vulnerability in danny-avila/librechat allows attackers to write files to arbitrary locations on the server due to improper sanitization in the multer middleware. This can lead to remote code execution by overwriting critical system files. All instances running vulnerable versions of librechat are affected.

💻 Affected Systems

Products:

danny-avila/librechat

Versions: All versions before 0.7.6

Operating Systems: All operating systems running librechat

Default Config Vulnerable: ⚠️ Yes

Notes: The vulnerability exists in the multer middleware file upload functionality. Any instance with file upload capabilities is vulnerable.

📦 What is this software?

Librechat by Librechat

View all CVEs affecting Librechat →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠

Likely Case

Arbitrary file write allowing attackers to modify configuration files, inject malicious code, or disrupt service availability.

🟢

If Mitigated

Limited impact if proper file system permissions restrict write access to sensitive directories.

🌐 Internet-Facing: HIGH - Web applications are directly accessible and vulnerable to exploitation from external attackers.

🏢 Internal Only: MEDIUM - Internal attackers could exploit this to escalate privileges or move laterally within the network.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires understanding of path traversal techniques and the ability to upload files. No public exploit code is currently available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.7.6

Vendor Advisory: https://github.com/danny-avila/librechat/commit/629be5c0ca2b332178524b4e3f6fac715aea8cc4

Restart Required: No

Instructions:

1. Update librechat to version 0.7.6 or later. 2. Run 'npm update' to ensure all dependencies are updated. 3. Verify the fix by checking the version and testing file upload functionality.

🔧 Temporary Workarounds

Disable file upload functionality

all

Temporarily disable file upload features in librechat configuration to prevent exploitation.

Modify librechat configuration to disable file upload endpoints

Implement strict file path validation

all

Add custom middleware to validate and sanitize file paths before processing.

Implement path normalization and validation in multer configuration

🧯 If You Can't Patch

Implement strict file system permissions to restrict write access to sensitive directories
Deploy a web application firewall (WAF) with path traversal protection rules

🔍 How to Verify

Check if Vulnerable:

Check if librechat version is below 0.7.6 and review multer middleware configuration for path sanitization.

Check Version:

npm list librechat | grep librechat

Verify Fix Applied:

Verify the version is 0.7.6 or later and test file upload functionality with malicious path traversal attempts.

📡 Detection & Monitoring

Log Indicators:

Unusual file write operations outside expected directories
Multiple failed file upload attempts with path traversal patterns

Network Indicators:

HTTP requests containing '../' or similar path traversal sequences in file upload parameters

SIEM Query:

source="web_logs" AND (url="*../*" OR params="*../*") AND method="POST"

📊 Metadata

CVE ID: CVE-2024-11170

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-29

EPSS Score: 2.88% exploit probability (86th percentile)

Published: March 20, 2025

Last Updated: July 15, 2025

🔗 References

https://github.com/danny-avila/librechat/commit/629be5c0ca2b332178524b4e3f6fac715aea8cc4 Patch
https://huntr.com/bounties/b64156c2-5380-4d4d-af30-b2938dcdd46e Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-11170, you might also want to check these: