121 matches found
CVE-2024-6983
mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not only from the configuration file but also from other inputs, allowing an attacker to upload a binary file and execute malicious code. This can lead to the...
CVE-2024-6983
CVE-2024-6983 affects mudler/localai v2.17.1. The backend accepts inputs beyond the configuration file, enabling an attacker to upload a binary and execute code, potentially gaining full system control. Public reports in connected sources confirm this RCE vector and cite the vulnerable version as...
CVE-2024-6983 Remote Code Execution in mudler/localai
mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not only from the configuration file but also from other inputs, allowing an attacker to upload a binary file and execute malicious code. This can lead to the...
LocalAI Code Injection Vulnerability
LocalAI is a free, open source alternative to OpenAI from the individual developer Ettore Di Giacinto. A code injection vulnerability exists in LocalAI version 2.17.1, which originates when the localai backend receives input not only from a configuration file, but also from other inputs, allowing...
PT-2024-38020 · Localai · Localai
Name of the Vulnerable Software and Affected Versions: mudler/localai version 2.17.1 Description: The localai backend is susceptible to remote code execution. This occurs because the backend accepts inputs from sources beyond the configuration file, enabling an attacker to upload and execute a...
Server-Side Request Forgery
github.com/go-skynet/localai is vulnerable to Server-Side Request Forgery. The vulnerability is due to the /models/apply endpoint supporting both https:// and file:// schemes, which can lead to LFI. The attacker can exploit this vulnerability with network access to the LocalAI instance, potential...
CVE-2024-6095
A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery (SSRF) and partial Local File Inclusion (LFI). The endpoint supports both https:// and file:// schemes, where the latter can lead to LFI. However, the output is limited due to the...
CVE-2024-6095
Vulnerability: LocalAI (mudler/localai) 2.15.0 has an SSRF and partial LFI in the /models/apply endpoint. The endpoint accepts both http(s):// and file:// schemes, with file:// enabling local-file access. Impact is described as potential unauthorized access to internal HTTP(S) services and partial...
CVE-2024-6095 SSRF and Partial LFI in /models/apply Endpoint in mudler/localai
A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery (SSRF) and partial Local File Inclusion (LFI). The endpoint supports both https:// and file:// schemes, where the latter can lead to LFI. However, the output is limited due to the...
CVE-2024-5616
A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and including 2.15.0, which allows attackers to trick victims into deleting installed models. By crafting a malicious HTML page, an attacker can cause the deletion of a model, such as 'gpt-4-vision-preview',...
CVE-2024-5616 CSRF Vulnerability in mudler/LocalAI
A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and including 2.15.0, which allows attackers to trick victims into deleting installed models. By crafting a malicious HTML page, an attacker can cause the deletion of a model, such as 'gpt-4-vision-preview',...
CVE-2024-5616
CVE-2024-5616 affects mudler/LocalAI up to version 2.15.0, where the model deletion functionality is vulnerable to CSRF due to insufficient protection. An attacker could lure a user to delete an installed model (e.g., gpt-4-vision-preview) by visiting a malicious page. Affected component: model d...
PT-2024-37382 · Unknown · Mudler/Localai
Name of the Vulnerable Software and Affected Versions: mudler/localai versions 2.15.0 Description: A vulnerability in the "/models/apply" endpoint allows for Server-Side Request Forgery (SSRF) and partial Local File Inclusion (LFI). The endpoint supports both https:// and file:// schemes, where the...
LocalAI Security Breach
LocalAI is a free, open source alternative to OpenAI from the individual developer Ettore Di Giacinto. A security vulnerability exists in LocalAI version 2.15.0 and prior versions that stems from the presence of a Cross-Site Request Forgery (CSRF) vulnerability. An attacker could use this...
PT-2024-36727 · Mudler · Localai
Name of the Vulnerable Software and Affected Versions: mudler/LocalAI versions up to and including 2.15.0 Description: A Cross-Site Request Forgery (CSRF) vulnerability exists, allowing attackers to trick victims into deleting installed models by crafting a malicious HTML page. This can cause the...