GO-2024-2717 LocalAI Command Injection in audioToWav in github.com/go-skynet/LocalAI

LocalAI Command Injection in audioToWav in github.com/go-skynet/LocalAI. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...

Command Injection

github.com/go-skynet/localai is vulnerable to command injection. The vulnerability is due to the lack of sanitization of user-supplied filenames before passing them to ffmpeg via a shell command in the audioToWav function, allowing attackers to execute arbitrary commands on the host system...

LocalAI Command Injection in audioToWav

A command injection vulnerability exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing the...

GHSA-WX43-G55G-2JF4 LocalAI Command Injection in audioToWav

A command injection vulnerability exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing the...

CVE-2024-2029

A command injection vulnerability exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing the...

CVE-2024-2029

CVE-2024-2029 affects mudler/localai's TranscriptEndpoint.audioToWav. Root cause: unsanitized user filenames passed to ffmpeg via a shell command, enabling arbitrary command execution on the host. Impacts include unauthorized access and data breaches, contingent on process privileges. Connected d...

CVE-2024-2029 Command Injection in mudler/localai

A command injection vulnerability exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing the...

CVE-2024-2029 Command Injection in mudler/localai

A command injection vulnerability exists in the TranscriptEndpoint of mudler/localai, specifically within the audioToWav function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing the...