LocalAI 跨站请求伪造漏洞

LocalAI is a free, open source alternative to OpenAI from the individual developer Ettore Di Giacinto. LocalAI suffers from a cross-site request forgery vulnerability that stems from a lack of CSRF tokens on the web server, which allows an attacker to host malicious JavaScript on a host that coul...