Skip to main content
CVE Vulnerability Database

CVE-2024-3104: Mintplexlabs AnythingLLM RCE Vulnerability

CVE-2024-3104 is a remote code execution flaw in Mintplexlabs AnythingLLM caused by improper environment variable handling. Attackers can execute arbitrary code, read and modify data, or cause denial of service. This article covers technical details, affected versions, impact, and mitigation strategies.

Published:

CVE-2024-3104 Overview

A remote code execution vulnerability exists in mintplex-labs/anything-llm due to improper handling of environment variables. Attackers can exploit this vulnerability by injecting arbitrary environment variables via the POST /api/system/update-env endpoint, which allows for the execution of arbitrary code on the host running anything-llm. The vulnerability is present in versions prior to 1.0.0, with the vulnerable commit identified as fde905aac1812b84066ff72e5f2f90b56d4c3a59. Successful exploitation could lead to code execution on the host, enabling attackers to read and modify data accessible to the user running the service, potentially leading to a denial of service.

Critical Impact

This vulnerability allows unauthenticated remote attackers to execute arbitrary code on the host system through environment variable injection, potentially compromising confidentiality, integrity, and availability of the affected system.

Affected Products

  • mintplex-labs/anything-llm versions prior to 1.0.0
  • AnythingLLM installations with exposed /api/system/update-env endpoint
  • Self-hosted AnythingLLM deployments accessible over the network

Discovery Timeline

  • 2024-06-06 - CVE-2024-3104 published to NVD
  • 2024-11-21 - Last updated in NVD database

Technical Details for CVE-2024-3104

Vulnerability Analysis

This vulnerability stems from a command injection flaw (CWE-78) in the environment variable update functionality of AnythingLLM. The application fails to properly sanitize user-supplied input when processing environment variable updates through the /api/system/update-env API endpoint. By injecting special characters such as newlines, quotes, or escape sequences into environment variable values, an attacker can break out of the intended variable assignment context and inject additional malicious commands or environment variables.

The attack can be performed remotely over the network without requiring any authentication or user interaction, making it particularly dangerous for internet-exposed AnythingLLM instances.

Root Cause

The root cause of this vulnerability is missing input sanitization in the updateENV.js helper module within the server component. The application accepted user-controlled values for environment variables without filtering dangerous characters that could be used to inject additional environment variables or execute arbitrary commands. Characters such as newlines (\n, \r), tabs, quotes (", ', `), and hash symbols (#) were not stripped from user input before being written to the environment configuration.

Attack Vector

An attacker can exploit this vulnerability by sending a crafted HTTP POST request to the /api/system/update-env endpoint containing malicious environment variable values. By embedding newline characters or quote escapes within the value, the attacker can inject additional environment variables or terminate the current assignment prematurely, effectively gaining control over the application's runtime environment and enabling arbitrary code execution.

The security patch implemented a sanitizeValue() function that truncates input at the first occurrence of any potentially dangerous character:

javascript
     "DISABLE_TELEMETRY",
   ];
 
+  // Simple sanitization of each value to prevent ENV injection via newline or quote escaping.
+  function sanitizeValue(value) {
+    const offendingChars =
+      /[\n\r\t\v\f\\u0085\\u00a0\\u1680\\u180e\\u2000-\\u200a\\u2028\\u2029\\u202f\\u205f\\u3000"'`#]/;
+    const firstOffendingCharIndex = value.search(offendingChars);
+    if (firstOffendingCharIndex === -1) return value;
+
+    return value.substring(0, firstOffendingCharIndex);
+  }
+
   for (const key of protectedKeys) {
     const envValue = process.env?.[key] || null;
     if (!envValue) continue;

Source: GitHub Commit bfedfebfab032e6f4d5a369c8a2f947c5d0c5286

Detection Methods for CVE-2024-3104

Indicators of Compromise

  • Unusual POST requests to /api/system/update-env containing newline characters, quotes, or other special characters in parameter values
  • Unexpected environment variable modifications in AnythingLLM configuration files
  • Process spawning from the AnythingLLM service that is not part of normal operations
  • Anomalous outbound network connections originating from the AnythingLLM process

Detection Strategies

  • Monitor HTTP request logs for POST requests to /api/system/update-env containing encoded newline characters (%0A, %0D) or quote characters
  • Implement Web Application Firewall (WAF) rules to detect and block requests with environment variable injection patterns
  • Deploy endpoint detection and response (EDR) solutions to monitor for suspicious child processes spawned by the AnythingLLM application
  • Enable process execution auditing on hosts running AnythingLLM to capture any abnormal command executions

Monitoring Recommendations

  • Configure alerting for any modifications to AnythingLLM environment configuration files
  • Monitor system logs for unexpected process executions under the AnythingLLM service account
  • Implement network traffic analysis to detect command-and-control communications following potential exploitation
  • Review access logs regularly for patterns consistent with automated exploitation attempts

How to Mitigate CVE-2024-3104

Immediate Actions Required

  • Upgrade AnythingLLM to version 1.0.0 or later immediately
  • Restrict network access to the AnythingLLM instance using firewall rules until patching is complete
  • Review system logs for any evidence of exploitation attempts against the /api/system/update-env endpoint
  • If exploitation is suspected, isolate the affected system and conduct a forensic investigation

Patch Information

The vulnerability has been fixed in AnythingLLM version 1.0.0. The security patch implements input sanitization that strips dangerous characters from environment variable values before processing. Users should update to version 1.0.0 or later by pulling the latest release from the official repository. The specific fix can be reviewed in GitHub commit bfedfebfab032e6f4d5a369c8a2f947c5d0c5286.

Workarounds

  • Deploy a reverse proxy or WAF in front of AnythingLLM to filter requests containing injection characters in the /api/system/update-env endpoint
  • Restrict access to the /api/system/update-env endpoint to trusted administrators only using network-level access controls
  • Run AnythingLLM in an isolated container environment to limit the impact of potential code execution
bash
# Example: Block access to vulnerable endpoint using nginx
location /api/system/update-env {
    # Allow only from trusted admin IPs
    allow 10.0.0.0/8;
    deny all;
}

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.