Critical Path Traversal Vulnerability in AnythingLLM (CVE-2024-13059) Allows Arbitrary File Write and Remote Code Execution
- Nox90 Engineering
- Apr 20
- 3 min read

Nox90 Application Security Report: CVE-2024-13059 (AnythingLLM Path Traversal Vulnerability)
Executive Summary
CVE-2024-13059 is a critical path traversal vulnerability affecting AnythingLLM, an open-source AI assistant framework. Versions prior to 1.3.1 are vulnerable. Attackers with manager or admin roles can exploit this flaw by uploading files with specially crafted non-ASCII filenames, leading to arbitrary file write and potential remote code execution (RCE) on the host system. This vulnerability has high impact and is being actively discussed in the security community, though no widespread exploitation in the wild has been confirmed as of this report.
Technical Details
- CVE ID: CVE-2024-13059
- Product: mintplex-labs/anything-llm
- Affected Versions: < 1.3.1
- Patched Version: 1.3.1
- Severity: Critical (CVSS 9.1, GitHub Advisory; CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
- EPSS Score: 0.04% (low likelihood of widespread exploitation, but high impact)
- CWE: CWE-29 (Path Traversal: '..\filename')
Vulnerability Breakdown
- Vector: File uploads handled by the
multer
library. - Root Cause: Improper sanitization of non-ASCII filenames. Filenames containing directory traversal sequences (e.g.,
../../malicious.sh
) are not filtered correctly. - Attack Prerequisites:
- Access to a vulnerable AnythingLLM instance.
- Manager or admin privileges within the application.
- Exploit Mechanism:
- Craft a file with a non-ASCII filename containing traversal sequences (e.g.,
../../malicious.sh
). - Upload the file through AnythingLLM’s interface.
- The server writes the file outside the intended directory (e.g., to
/etc/cron.d/
, or other sensitive locations). - If the attacker places an executable script in a directory processed by system services (e.g., cron, startup scripts), this can result in remote code execution with the privileges of the application process.
Impact
- Confidentiality: Attackers could access or overwrite sensitive files.
- Integrity: Arbitrary file write enables the planting of malicious scripts, which may alter system or application behavior.
- Availability: Successful exploitation could disrupt services or render the application or host unusable.
Exploitation Evidence
- Proof of Concept (PoC): No public PoC code was found, but the exploit steps are clearly outlined in multiple sources (OffSec Blog, GBHackers).
- Exploitation in the Wild: As of this report, there are no confirmed breaches or public reports of exploitation in the wild.
- Discussion and Awareness: The vulnerability is broadly discussed in security news, advisories, and threat intelligence platforms, increasing the risk of exploitation as awareness spreads.
Attack Techniques & Threat Intelligence
- MITRE ATT&CK Techniques:
- T1059 - Command and Scripting Interpreter: If a malicious script is placed and executed via cron/startup.
- T1105 - Ingress Tool Transfer: Uploading malicious files to the server.
T1078 - Valid Accounts: Requires valid manager/admin credentials.
APT Groups: No attribution to specific APT groups or threat actors, but privilege escalation and file upload vectors are common in APT tradecraft.
Indicators of Compromise (IOCs)
- Suspicious Filenames: Upload logs containing
../
or non-ASCII characters in filenames. - Unusual File Locations: Files appearing outside standard upload directories, especially in
/etc/cron.d/
,/var/spool/cron/
, startup script locations, or application root. - Unexpected Executions: New or modified scripts executed by cron, init, or other automated processes.
Detection and Monitoring
- Log Analysis:
- Monitor application and server logs for file uploads with suspicious filename patterns (e.g.,
../
). Track file writes or modifications in sensitive system or application directories.
Behavioral Detection:
- Implement file integrity monitoring (e.g., in
/etc/
or application roots). - Use intrusion detection systems (IDS) to alert on abnormal file access or execution patterns.
Remediation & Mitigation
- Upgrade: Immediately update AnythingLLM to version 1.3.1 or later. The patch introduces proper filename sanitization (GitHub Commit).
- Temporary Workarounds:
- Restrict file upload functionality to trusted users only.
- Implement server-side validation to reject filenames containing traversal sequences.
- Isolate the application environment (e.g., containerization, chroot/jail) to reduce impact scope.
References
- NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-13059
- OffSec technical analysis: https://www.offsec.com/blog/cve-2024-13059/
- GitHub Advisory: https://github.com/advisories/GHSA-866h-pm2w-j493
- Patch commit: https://github.com/mintplex-labs/anything-llm/commit/0b7bf68f2c02ca68075970fbf85d5a70ca5e94ca
- Gbhackers article: https://gbhackers.com/critical-anythingllm-vulnerability/
- Huntr report: https://huntr.com/bounties/92a875fe-c5b3-485c-b03f-d3185189e0b1
- MITRE techniques: https://attack.mitre.org/techniques/T1059/ https://attack.mitre.org/techniques/T1105/ https://attack.mitre.org/techniques/T1078/
Nox90 is here for you
Nox90 helps organizations implement robust Secure Software Development Life Cycle (SSDLC) and application security practices, providing continuous monitoring, vulnerability management, and threat intelligence. Our team can assist with vulnerability remediation, secure coding guidance, and incident response. If you have any questions about this report, application security, or your organization’s SSDLC posture, please contact us at info@nox90.com.
Comentarios