3 matches found
CVE-2024-6095
Vulnerability: LocalAI (mudler/localai) 2.15.0 has a SSRF and partial LFI in the /models/apply endpoint. The endpoint accepts both http(s):// and file:// schemes, with file:// enabling local-file access. Impact is described as potential unauthorized access to internal HTTP(S) services and partial...
LocalAI Code Issues Vulnerabilities
LocalAI is a free, open source alternative to OpenAI from the individual developer Ettore Di Giacinto. A code issue vulnerability exists in LocalAI version 2.15.0, which stems from a cross-site request forgery and local file inclusion vulnerability in the /models/apply API...
PT-2024-37382 · Unknown · Mudler/Localai
Name of the Vulnerable Software and Affected Versions: mudler/localai versions 2.15.0 Description: A vulnerability in the "/models/apply" endpoint allows for Server-Side Request Forgery SSRF and partial Local File Inclusion LFI. The endpoint supports both https:// and file:// schemes, where the...