EUVD-2024-47862

Malicious code in bioql PyPI...

CVE-2024-6868

mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives e.g., .tar, these archives are automatically extracted after downloading. This behavior can be exploited to perfor...

Improper Input Validation

mudler/LocalAI is vulnerable to Improper Input Validation. The vulnerability is due to improper handling of automatic archive extraction, allowing a 'tarslip' attack to bypass file location restrictions and write files to arbitrary locations on the server...

CVE-2024-6868

mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives e.g., .tar, these archives are automatically extracted after downloading. This behavior can be exploited to perfor...

CVE-2024-6868

mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives e.g., .tar, these archives are automatically extracted after downloading. This behavior can be exploited to perfor...

CVE-2024-6868 Arbitrary File Write in mudler/LocalAI

mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives e.g., .tar, these archives are automatically extracted after downloading. This behavior can be exploited to perfor...

CVE-2024-6868

CVE-2024-6868 affects mudler/LocalAI (version 2.17.1). The issue is improper handling of automatic archive extraction when model configurations specify archives (for example, .tar), causing archives to be extracted after download and enabling a potentially destructive “tarslip” that can write fil...

CVE-2024-6868 Arbitrary File Write in mudler/LocalAI

mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives e.g., .tar, these archives are automatically extracted after downloading. This behavior can be exploited to perfor...

PT-2024-37915 · Unknown · Mudler/Localai

Name of the Vulnerable Software and Affected Versions: mudler/LocalAI version 2.17.1 Description: The issue arises from improper handling of automatic archive extraction in model configurations. When archives e.g., .tar are specified, they are automatically extracted after downloading, potentiall...