CVE-2024-11172

High CVSS 7.5

Overview

A vulnerability in danny-avila/librechat version git a1647d7 allows an unauthenticated attacker to cause a denial of service by sending a crafted payload to the server. The middleware `checkBan` is not surrounded by a try-catch block, and an unhandled exception will cause the server to crash. This issue is fixed in version 0.7.6.

CWE: CWE-400 Published: 2025-03-20T10:15:24.550

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 7.5 (HIGH)
Detected tags: dos, unauth_access (tag impact: HIGH)

Recommended actions:

Rate limiting, resource quotas and circuit breakers.
Enforce authentication/authorization; reduce default endpoint exposure.

Overview

Recommended tools

Tags