
19 matches found

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-46799

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 4.9 · EPSS 0.00077
Exploits: 1 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2023-42749

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 5.8 · EPSS 0.00047
Exploits: 1 · References: 1
RedhatCVE
added 2025/05/23 10:13 a.m. · 5 views

CVE-2024-5616

A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and including 2.15.0, which allows attackers to trick victims into deleting installed models. By crafting a malicious HTML page, an attacker can cause the deletion of a model, such as 'gpt-4-vision-preview',...

CVSS 4.3 · AI score 6.8 · EPSS 0.00077
Exploits: 1 · References: 1
Cvelist
added 2025/03/20 10:11 a.m. · 7 views

CVE-2024-9901

...

Exploits: 0
Veracode
added 2024/07/08 10:20 a.m. · 11 views

Cross-Site Request Forgery (CSRF)

mudler/localai is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is caused by insufficient CSRF protection mechanisms on the model deletion functionality, which allows an attacker to trick victims into deleting installed models...

CVSS 4.3 · AI score 7.1 · EPSS 0.00077
Exploits: 1 · References: 2 · Affected Software: 2
NVD
added 2024/07/06 9:15 a.m. · 8 views

CVE-2024-5616

A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and including 2.15.0, which allows attackers to trick victims into deleting installed models. By crafting a malicious HTML page, an attacker can cause the deletion of a model, such as 'gpt-4-vision-preview',...

CVSS 4.3 · EPSS 0.00077
Exploits: 1 · References: 2
Vulnrichment
added 2024/07/06 8:38 a.m. · 11 views

CVE-2024-5616 CSRF Vulnerability in mudler/LocalAI

A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and including 2.15.0, which allows attackers to trick victims into deleting installed models. By crafting a malicious HTML page, an attacker can cause the deletion of a model, such as 'gpt-4-vision-preview',...

CVSS 4.3 · AI score 6.8 · EPSS 0.00077
Exploits: 1 · References: 2
Cvelist
added 2024/07/06 8:38 a.m. · 20 views

CVE-2024-5616 CSRF Vulnerability in mudler/LocalAI

A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and including 2.15.0, which allows attackers to trick victims into deleting installed models. By crafting a malicious HTML page, an attacker can cause the deletion of a model, such as 'gpt-4-vision-preview',...

CVSS 4.3 · EPSS 0.00077
Exploits: 1 · References: 2
CVE
added 2024/07/06 8:38 a.m. · 47 views

CVE-2024-5616

CVE-2024-5616 affects mudler/LocalAI up to version 2.15.0, where the model deletion functionality is vulnerable to CSRF due to insufficient protection. An attacker could lure a user to delete an installed model (e.g., gpt-4-vision-preview) by visiting a malicious page. Affected component: model d...

CVSS 4.3 · AI score 4.6 · EPSS 0.00077
Exploits: 1 · References: 2 · Affected Software: 1
Positive Technologies
added 2024/07/06 12:0 a.m. · 4 views

PT-2024-36727 · Mudler · Localai

Name of the Vulnerable Software and Affected Versions: mudler/LocalAI versions up to and including 2.15.0
Description: A Cross-Site Request Forgery (CSRF) vulnerability exists, allowing attackers to trick victims into deleting installed models by crafting a malicious HTML page. This can cause the...

CVSS 4.3 · AI score 4.4 · EPSS 0.00077
Exploits: 1 · References: 9
Veracode
added 2024/06/21 9:2 a.m. · 14 views

Path Traversal

github.com/go-skynet/LocalAI is vulnerable to path traversal. The vulnerability is due to insufficient input validation of the model parameter during the model deletion process, which allows an attacker to delete arbitrary files on the host file system...

CVSS 9.1 · AI score 7.1 · EPSS 0.02492
Exploits: 1 · References: 3 · Affected Software: 1
Cvelist
added 2024/06/19 11:30 p.m. · 17 views

CVE-2024-5182 Path Traversal in mudler/localai

A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the model parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated model parameter, an attacker can traverse the directory...

CVSS 7.5 · EPSS 0.02492
Exploits: 1 · References: 2
CNNVD
added 2024/06/19 12:0 a.m. · 1 view

LocalAI Path Traversal Vulnerability

LocalAI is a free, open source alternative to OpenAI by the individual developer Ettore Di Giacinto. LocalAI version 2.14.0 contains a path traversal vulnerability that could allow an attacker to utilize the model parameter durin...

CVSS 9.1 · AI score 6.8 · EPSS 0.02492
Exploits: 1 · References: 4
SUSE CVE
added 2024/04/10 2:16 a.m. · 2 views

SUSE CVE-2024-28224

Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion)...

CVSS 6.6 · AI score 6.9 · EPSS 0.00192
Exploits: 0 · References: 3
GitHub Security Blog
added 2024/04/08 9:31 p.m. · 26 views

Ollama DNS rebinding vulnerability

Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion)...

CVSS 6.6 · AI score 7 · EPSS 0.00192
Exploits: 0 · References: 6 · Affected Software: 1
NVD
added 2024/04/08 7:15 p.m. · 14 views

CVE-2024-28224

Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion)...

CVSS 6.6 · AI score 6.6 · EPSS 0.00192
Exploits: 0 · References: 3
CNNVD
added 2024/04/08 12:0 a.m. · 1 view

Ollama Security Vulnerability

Ollama is an open-source large language model from Ollama that can be started and run locally. Ollama versions prior to 0.1.29 contain a DNS rebinding vulnerability that could inadvertently allow remote access to the full API, which...

CVSS 6.6 · AI score 6.3 · EPSS 0.00192
Exploits: 0 · References: 4
Vulnrichment
added 2024/04/08 12:0 a.m. · 13 views

CVE-2024-28224

Ollama before 0.1.29 has a DNS rebinding vulnerability that can inadvertently allow remote access to the full API, thereby letting an unauthorized user chat with a large language model, delete a model, or cause a denial of service (resource exhaustion)...

AI score 6.9 · EPSS 0.00192
Exploits: 0 · References: 3
Positive Technologies
added 2023/08/03 12:0 a.m. · 1 view

PT-2023-26720 · Jeesite · Jeesite

Name of the Vulnerable Software and Affected Versions: jeesite version 1.2.6
Description: An issue in the delete function in the ActModelController class allows authenticated attackers to arbitrarily delete models created by the Administrator.
Recommendations: For jeesite version 1.2.6, consider...

CVSS 5.4 · AI score 5.5 · EPSS 0.00047
Exploits: 1 · References: 4