3 matches found
Cross Site Request Forgery (CSRF)
github.com/mudler/localai is vulnerable to Cross Site Request Forgery CRSF. The vulnerability is due to a lack of CSRF tokens, allowing an attacker to host malicious JavaScript on a host. When visited by a LocalAI user, this could allow the attacker to fill disk space to deny service or abuse...
LocalAI cross-site request forgery vulnerability
A Cross-Site Request Forgery CSRF vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited by a victim, perform unauthorized actions on the victim's local LocalAI instance without their consent. This vulnerability enables attackers ...
CVE-2024-3135
Technical details (affected products/versions, root cause, fixes) are not publicly provided in the supplied documents. Monitor for updates from official advisories; current sources reiterate CSRF risk but lack version-specific remediation information.