121 matches found
LocalAI Security Vulnerability
LocalAI is a free, open source alternative to OpenAI from the individual developer Ettore Di Giacinto. A security vulnerability exists in LocalAI version 2.20.1, which stems from a call to the Delete Model API that causes stored cross-site scripting when passed inappropriate parameters...
CVE-2024-48057
localai =2.20.1 is vulnerable to Cross-Site Scripting (XSS). When calling the delete model API and passing inappropriate parameters, it can cause a one-time storage XSS, which will trigger the payload when a user accesses the homepage...
CVE-2024-48057
CVE-2024-48057 affects LocalAI (version
CVE-2024-7010
mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. Specifically, in the context of password handling, an attacker can determine valid...
CVE-2024-6868
mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., .tar), these archives are automatically extracted after downloading. This behavior can be exploited to perfor...
Researchers Uncover Vulnerabilities in Open-Source AI and ML Models
A little over three dozen security vulnerabilities have been disclosed in various open-source artificial intelligence (AI) and machine learning (ML) models, some of which could lead to remote code execution and information theft. The flaws, identified in tools like ChuanhuChatGPT, Lunary, and LocalAI...
CVE-2024-7010
The CVE-2024-7010 entry concerns mudler/localai version 2.17.1 and a Timing Attack vulnerability in password handling that leaks credentials by measuring cryptographic operation timing. This is a network-accessible side-channel issue with reported confidentiality impact, and multiple sources (NVD...
CVE-2024-7010 Timing Attack in mudler/localai
mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. Specifically, in the context of password handling, an attacker can determine valid...
CVE-2024-6868 Arbitrary File Write in mudler/LocalAI
mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., .tar), these archives are automatically extracted after downloading. This behavior can be exploited to perfor...
CVE-2024-6868
CVE-2024-6868 affects mudler/LocalAI (version 2.17.1). The issue is improper handling of automatic archive extraction when model configurations specify archives (for example, .tar), causing archives to be extracted after download and enabling a potentially destructive “tarslip” that can write fil...
PT-2024-37915 · Unknown · Mudler/Localai
Name of the Vulnerable Software and Affected Versions: mudler/LocalAI version 2.17.1
Description: The issue arises from improper handling of automatic archive extraction in model configurations. When archives (e.g., .tar) are specified, they are automatically extracted after downloading, potentiall...
LocalAI Information Disclosure Vulnerability
LocalAI is a free, open source alternative to OpenAI from the individual developer Ettore Di Giacinto. An information disclosure vulnerability exists in LocalAI version 2.17.1, which stems from vulnerability to timing attacks that allow an attacker to compromise a cryptosystem by analyzing the ti...
PT-2024-38028 · Unknown · Mudler/Localai
Name of the Vulnerable Software and Affected Versions: mudler/localai version 2.17.1
Description: The issue is a Timing Attack, a type of side-channel attack that allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. In the context of...
LocalAI Security Vulnerability
LocalAI is a free, open source alternative to OpenAI from the individual developer Ettore Di Giacinto. A security vulnerability exists in LocalAI version 2.17.1, which stems from mishandling of automatic archive extraction, allowing arbitrary file writes that could lead to remote code execution R...
CVE-2024-6983
creationtimestamp | type | source
---|---|---
2024-09-27 19:14:37+00:00 | seen | https://t.me/cvedetector/6549
2025-02-18 12:07:35+00:00 | published-proof-of-concept | https://github.com/google/tsunami-security-scanner-plugins/tree/master/community/detectors/mudlerlocalaicve20246983...
CVE-2024-6983
mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not only from the configuration file but also from other inputs, allowing an attacker to upload a binary file and execute malicious code. This can lead to the...