CVE-2024-3279 – This vulnerability allows unauthenticated attac... (How to Fix)

Q: What is the severity of CVE-2024-3279?

CVE-2024-3279 has a CVSS score of 9.1 (CRITICAL). This vulnerability allows unauthenticated attackers to import malicious database files into the anything-llm application, potentially deleting or spoofing the legitimate database. This could lead to data loss, data manipulation, or serving malicious content to users. All deployments of anything-llm with the vulnerable version are affected.

📋 TL;DR

This vulnerability allows unauthenticated attackers to import malicious database files into the anything-llm application, potentially deleting or spoofing the legitimate database. This could lead to data loss, data manipulation, or serving malicious content to users. All deployments of anything-llm with the vulnerable version are affected.

💻 Affected Systems

Products:

mintplex-labs/anything-llm

Versions: Versions before commit 08d33cfd8fc47c5052b6ea29597c964a9da641e2

Operating Systems: all

Default Config Vulnerable: ⚠️ Yes

Notes: Affects all deployments where the import endpoint is accessible.

📦 What is this software?

Anythingllm by Mintplexlabs

View all CVEs affecting Anythingllm →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete database replacement with attacker-controlled data, leading to data destruction, credential theft, or persistent backdoor installation.

🟠

Likely Case

Database corruption or replacement with spoofed data, causing application disruption and potential data exposure.

🟢

If Mitigated

Unauthorized database imports are blocked, maintaining data integrity and preventing external manipulation.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploit requires simple HTTP requests to the import endpoint without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit 08d33cfd8fc47c5052b6ea29597c964a9da641e2 or later

Vendor Advisory: https://github.com/mintplex-labs/anything-llm/commit/08d33cfd8fc47c5052b6ea29597c964a9da641e2

Restart Required: Yes

Instructions:

1. Update to latest version from GitHub. 2. Restart the application. 3. Verify import endpoint requires authentication.

🔧 Temporary Workarounds

Network Access Restriction

linux

Block external access to the import endpoint using firewall rules.

iptables -A INPUT -p tcp --dport [APP_PORT] -m string --string "/api/system/data-import" --algo bm -j DROP

Authentication Enforcement

all

Configure the application to require authentication for all endpoints.

🧯 If You Can't Patch

Isolate the application behind a reverse proxy with authentication
Implement network segmentation to restrict access to trusted sources only

🔍 How to Verify

Check if Vulnerable:

Attempt unauthenticated POST request to /api/system/data-import endpoint. If it accepts requests, system is vulnerable.

Check Version:

Check git commit hash or version in application interface

Verify Fix Applied:

Verify that unauthenticated requests to /api/system/data-import return 401/403 error.

📡 Detection & Monitoring

Log Indicators:

Unauthenticated POST requests to /api/system/data-import
Database file modification timestamps

Network Indicators:

HTTP POST to import endpoint without authentication headers
Unusual database file transfers

SIEM Query:

source="web_logs" AND uri_path="/api/system/data-import" AND http_method="POST" AND NOT auth_token=*

📊 Metadata

CVE ID: CVE-2024-3279

CVSS v3 Score: 9.1 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE: CWE-306

Published: August 12, 2024

Last Updated: October 15, 2025

🔗 References

https://github.com/mintplex-labs/anything-llm/commit/08d33cfd8fc47c5052b6ea29597c964a9da641e2 Patch
https://huntr.com/bounties/303c5145-2c14-4945-914a-936be74dd04e Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-3279, you might also want to check these: