Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2024-22422

CVE-2024-22422: Mintplexlabs AnythingLLM DoS Vulnerability

CVE-2024-22422 is a denial of service flaw in Mintplexlabs AnythingLLM that allows unauthenticated attackers to crash the server with a single request. This article covers technical details, affected versions, and fixes.

Published:

CVE-2024-22422 Overview

CVE-2024-22422 is an unauthenticated denial of service vulnerability in AnythingLLM, an application that converts documents and resources into context for large language model (LLM) chats. The flaw resides in the data-export API route, which accepts a user-controlled filename parameter to fetch and then delete server files. An attacker can bypass the directory traversal filter to make the endpoint target the current working directory. When the unhandled delete operation fails, the server process crashes. A single unauthenticated HTTP request is sufficient to take the instance offline. The maintainers fixed the issue in commit 08d33cfd8.

Critical Impact

A single unauthenticated HTTP request to the data-export endpoint crashes the AnythingLLM server, producing a full availability outage with no prerequisites or user interaction.

Affected Products

  • Mintplex Labs AnythingLLM versions prior to commit 08d33cfd8
  • Self-hosted AnythingLLM deployments exposing the HTTP API
  • Docker and bare-metal AnythingLLM instances on the affected commit range

Discovery Timeline

  • 2024-01-19 - CVE-2024-22422 published to the National Vulnerability Database (NVD)
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2024-22422

Vulnerability Analysis

The vulnerability is a Denial of Service issue rooted in improper check for unusual or exceptional conditions [CWE-754]. The data-export endpoint in AnythingLLM accepts a filename parameter, applies a directory traversal filter, retrieves the corresponding file, and then deletes it from disk. The endpoint is exposed without authentication, so any network attacker that can reach the HTTP service can invoke it.

The sanitization routine normalizes the supplied path to prevent escape outside the export directory. By crafting input that the filter rewrites into a reference to the current directory, an attacker forces the subsequent delete call to operate on a directory rather than a file. The delete operation throws an exception that propagates uncaught, terminating the Node.js process.

Because the entire request handler is not wrapped in an error boundary, the unhandled rejection brings down the server instead of returning an HTTP error. The result is a one-shot crash primitive reachable over the network from any unauthenticated client.

Root Cause

Two defects combine to produce the crash. First, the path sanitization logic can be coerced into producing a reference to the current directory rather than rejecting the input. Second, the file deletion call has no surrounding try/catch or promise rejection handler, so any error becomes a fatal process exception.

Attack Vector

The attack is fully remote and unauthenticated. An adversary sends a single crafted HTTP request to the data-export endpoint with a filename value that bypasses the traversal filter and resolves to a directory entry. The server attempts the delete, raises an unhandled exception, and exits. No credentials, tokens, or user interaction are required.

The AnythingLLM team addressed the issue in commit 08d33cfd8 by hardening the input filter and adding error handling around the file operation. Technical details are available in the GitHub Security Advisory GHSA-xmj6-g32r-fc5q and the fix commit.

Detection Methods for CVE-2024-22422

Indicators of Compromise

  • Unauthenticated HTTP requests to the /data-export route originating from external or unexpected source addresses.
  • Abrupt termination of the AnythingLLM Node.js process with unhandled exception traces referencing file deletion.
  • Service supervisor (systemd, Docker, PM2) restart events that correlate with inbound data-export requests.

Detection Strategies

  • Alert on HTTP 5xx responses or connection resets immediately following requests to /data-export with non-standard filename parameters.
  • Monitor application logs for unhandled promise rejection or EISDIR/EPERM errors tied to the export handler.
  • Inspect reverse proxy or web application firewall (WAF) logs for crafted filename values containing traversal sequences or empty/dot-only path segments.

Monitoring Recommendations

  • Track process uptime and restart counters for AnythingLLM containers and instances.
  • Forward AnythingLLM stdout/stderr and access logs into a centralized analytics platform for correlation against availability events.
  • Implement rate limiting and anomaly alerting on the data-export endpoint until patched builds are in production.

How to Mitigate CVE-2024-22422

Immediate Actions Required

  • Upgrade AnythingLLM to a build that includes commit 08d33cfd8 or later.
  • Restrict network exposure of the AnythingLLM HTTP service to trusted networks or VPN-only access while patching.
  • Place the application behind an authenticating reverse proxy that blocks unauthenticated calls to /data-export.
  • Audit deployments for prior crashes or restart loops that may indicate exploitation attempts.

Patch Information

The vulnerability is resolved in commit 08d33cfd8 of the Mintplex-Labs anything-llm repository. The patch hardens the filename filter and adds error handling around the export operation. Users should pull the latest container image or rebuild from the patched source. Full advisory details are in GHSA-xmj6-g32r-fc5q.

Workarounds

  • The vendor advisory states there are no supported workarounds; upgrading is required.
  • As a temporary compensating control, block external access to /data-export at a reverse proxy or WAF until the patch is deployed.
  • Run AnythingLLM under a process supervisor that automatically restarts the service to reduce outage duration during active exploitation attempts.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.