Unauthorized User Creation via Concurrent Requests in Invite Tab
CVE-2024-2913

Currently unrated

Key Information:

Vendor
CVE Published: 7 May 2024

What is CVE-2024-2913?

A race condition vulnerability exists in the user invite acceptance process of Mintplex Labs' Anything LLM product. By sending multiple simultaneous requests to accept a single user invite, an attacker can create multiple user accounts from one invite link, defeating the intended security feature that permits only one user acceptance per invite. The resulting unauthorized accounts remain undetected within the invite tab. The issue stems from inadequate validation of concurrent requests on the backend.
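The race class described above, modeled as an added example (not code from Anything LLM or from this advisory): a check-then-act invite handler beside one that claims the invite atomically before creating the user. The store, the invite code `inv-123`, all function names and the conditional-update mitigation are assumptions made for illustration; each `yield` stands for an `await` on the database where another request can run.

```javascript
// Constructed in-memory model of an invite table and a user table.
function newStore() {
  return { invites: new Map([["inv-123", { status: "pending" }]]), users: [] };
}

// Check-then-act: the status check and the status update are separate steps,
// so every request that checks before the first update passes the check.
function* acceptCheckThenAct(store, code, username) {
  const invite = store.invites.get(code);
  if (!invite || invite.status !== "pending") return false;
  yield; // await: create the user row
  store.users.push(username);
  yield; // await: mark the invite as used
  invite.status = "claimed";
  return true;
}

// Atomic claim: stand-in for a single conditional update such as
//   UPDATE invites SET status='claimed' WHERE code=? AND status='pending'
// where the handler continues only if exactly one row was affected.
function claimInvite(store, code) {
  const invite = store.invites.get(code);
  if (!invite || invite.status !== "pending") return false;
  invite.status = "claimed";
  return true;
}

function* acceptAtomic(store, code, username) {
  if (!claimInvite(store, code)) return false; // losers stop here
  yield; // await: create the user row
  store.users.push(username);
  return true;
}

// Round-robin scheduler: advances every in-flight request one step at a time,
// which makes the interleaving deterministic and repeatable.
function runConcurrently(handler, usernames) {
  const store = newStore();
  const results = new Array(usernames.length);
  let live = usernames.map((u, i) => ({ i, gen: handler(store, "inv-123", u) }));
  while (live.length > 0) {
    live = live.filter(({ i, gen }) => {
      const step = gen.next();
      if (step.done) results[i] = step.value;
      return !step.done;
    });
  }
  return { accepted: results.filter(Boolean).length, users: store.users };
}
```

With three interleaved requests, `runConcurrently(acceptCheckThenAct, ...)` creates three users from one invite, while `runConcurrently(acceptAtomic, ...)` creates one.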

Timeline

  • Vulnerability published
