CVE-2023-4897: 
Homebrew vulnerability analysis and mitigation

A Relative Path Traversal vulnerability was identified in GitHub repository mintplex-labs/anything-llm prior to version 0.0.1. The vulnerability was discovered and disclosed on September 11, 2023, and was assigned CVE-2023-4897. The vulnerability affects the AnythingLLM software package developed by Mintplex Labs (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (CRITICAL) by NIST with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Additionally, huntr.dev assessed it with a CVSS score of 8.7 (HIGH) with vector string CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N. The vulnerability is classified as CWE-23 (Relative Path Traversal) (NVD).

The path traversal vulnerability could potentially allow attackers to access files outside of the intended directory structure, leading to unauthorized access to sensitive files on the system (NVD).

A patch has been released to address this vulnerability. Users should upgrade to version 0.0.1 or later of the anything-llm package. The fix includes implementation of path normalization and sanitization to prevent directory traversal attacks (GitHub Patch).