121 matches found
GHSA-WX43-G55G-2JF4 LocalAI Command Injection in audioToWav
A command injection vulnerability exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing the...
CVE-2024-3570
A stored Cross-Site Scripting XSS vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to...
CVE-2024-3570
A stored Cross-Site Scripting XSS vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to...
CVE-2024-2029
A command injection vulnerability exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing the...
CVE-2024-2029
A command injection vulnerability exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing the...
CVE-2024-3570 Stored XSS leading to Admin Account Takeover in mintplex-labs/anything-llm
A stored Cross-Site Scripting XSS vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to...
CVE-2024-3570 Stored XSS leading to Admin Account Takeover in mintplex-labs/anything-llm
A stored Cross-Site Scripting XSS vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to...
CVE-2024-2029
CVE-2024-2029 affects mudler/localai's TranscriptEndpoint.audioToWav. Root cause: unsanitized user filenames passed to ffmpeg via a shell command, enabling arbitrary command execution on the host. Impacts include unauthorized access and data breaches, contingent on process privileges. Connected d...
CVE-2024-2029 Command Injection in mudler/localai
A command injection vulnerability exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing the...
CVE-2024-2029 Command Injection in mudler/localai
A command injection vulnerability exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing the...
PT-2024-18641 · Unknown · Mudler/Localai
Name of the Vulnerable Software and Affected Versions: mudler/localai versions prior to v2.10.0 Description: A command injection issue exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. T...
localai 操作系统命令注入漏洞
LocalAI is a free, open source alternative to OpenAI from the individual developer Ettore Di Giacinto. localai suffers from an operating system command injection vulnerability that stems from failure to clean up a user-supplied filename before passing it to ffmpeg via a shell command, allowing an...
Cross Site Request Forgery (CSRF)
github.com/mudler/localai is vulnerable to Cross Site Request Forgery CRSF. The vulnerability is due to a lack of CSRF tokens, allowing an attacker to host malicious JavaScript on a host. When visited by a LocalAI user, this could allow the attacker to fill disk space to deny service or abuse...
LocalAI cross-site request forgery vulnerability
A Cross-Site Request Forgery CSRF vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited by a victim, perform unauthorized actions on the victim's local LocalAI instance without their consent. This vulnerability enables attackers ...
GHSA-JHVF-7C85-3C9G LocalAI cross-site request forgery vulnerability
A Cross-Site Request Forgery CSRF vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited by a victim, perform unauthorized actions on the victim's local LocalAI instance without their consent. This vulnerability enables attackers ...
CVE-2024-3135
A Cross-Site Request Forgery CSRF vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited by a victim, perform unauthorized actions on the victim's local LocalAI instance without their consent. This vulnerability enables attackers ...
CVE-2024-3135
A Cross-Site Request Forgery CSRF vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited by a victim, perform unauthorized actions on the victim's local LocalAI instance without their consent. This vulnerability enables attackers ...
CVE-2024-3135 Cross-Site Request Forgery (CSRF) Vulnerability in mudler/localai
A Cross-Site Request Forgery CSRF vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited by a victim, perform unauthorized actions on the victim's local LocalAI instance without their consent. This vulnerability enables attackers ...
CVE-2024-3135 Cross-Site Request Forgery (CSRF) Vulnerability in mudler/localai
A Cross-Site Request Forgery CSRF vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited by a victim, perform unauthorized actions on the victim's local LocalAI instance without their consent. This vulnerability enables attackers ...
PT-2024-23993 · Unknown · Mudler/Localai
Name of the Vulnerable Software and Affected Versions: mudler/localai affected versions not specified Description: A Cross-Site Request Forgery CSRF issue exists, allowing attackers to craft malicious webpages that perform unauthorized actions on a victim's local LocalAI instance without consent...