Denial of Service Vulnerability in LibreChat by danny-avila
CVE-2024-11173

6.5 MEDIUM

Key Information:

Vendor
CVE Published: 20 March 2025

What is CVE-2024-11173?

An unhandled exception vulnerability in the LibreChat software can lead to a denial of service condition. This issue arises when specific API endpoints are fed malformed input, resulting in an uncaught exception that crashes the server. Although exploiting this vulnerability necessitates a valid JWT, the software's open registration feature permits unauthenticated attackers to create accounts, making it possible for them to trigger the denial of service. The vulnerability has been addressed in version 0.7.6.

Affected Version(s)

danny-avila/librechat < 0.7.6

CVSS V3.0

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
