CVE-2024-11172
CVSS 3.0 Score 7.5 of 10 (high)
Details
Published Mar 20, 2025
CWE ID 400
Summary
CVE-2024-11172 is a newly identified vulnerability in the server component of the danny-avila/librechat repository. It lets unauthenticated attackers cause a denial of service by sending specially crafted payloads to the server. The cause is a missing try-catch block around the middleware function `checkBan`: an exception thrown inside this function goes unhandled and crashes the server. The vulnerability is fixed in version 0.7.6 of the danny-avila/librechat package.
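The failure pattern described in the summary, shown as an added example that is not LibreChat's code: a middleware without try-catch lets an exception escape, while the guarded form turns it into an error for that one request. `lookupBan`, `checkBanUnguarded`, `checkBanGuarded`, `guard` and `run` are hypothetical names, and the failing input is constructed.

```javascript
// Added illustration; not LibreChat code. All names below are hypothetical.

// Constructed stand-in for a ban lookup that can fail on unexpected input.
async function lookupBan(key) {
  if (typeof key !== 'string') throw new TypeError('ban key must be a string');
  return key === 'banned-user';
}

// "Before": no try/catch, so a lookup failure rejects the returned promise.
// A dispatcher that does not await middleware leaves that rejection unhandled,
// and Node.js 15+ terminates the process on unhandled rejections by default.
async function checkBanUnguarded(req, res, next) {
  if (await lookupBan(req.body.user)) return res.status(403).end();
  next();
}

// "After": every failure is routed to next(err), so only this request fails.
async function checkBanGuarded(req, res, next) {
  try {
    if (await lookupBan(req.body.user)) return res.status(403).end();
    next();
  } catch (err) {
    next(err);
  }
}

// Generic wrapper giving the same guarantee to any sync or async middleware.
const guard = (mw) => (req, res, next) =>
  Promise.resolve().then(() => mw(req, res, next)).catch(next);

// Minimal harness: runs one middleware and reports how the request ended.
async function run(mw, body) {
  const out = { status: null, escaped: false };
  const res = { status(code) { out.status = code; return this; }, end() {} };
  const next = (err) => { out.status = err ? 500 : 200; };
  try {
    await mw({ body }, res, next);
  } catch (err) {
    out.escaped = true; // in a real server this would be the unhandled rejection
  }
  return out;
}
```

Wrapping every middleware with `guard` at registration time gives the same protection without relying on each handler to carry its own try-catch.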