VYPR
Medium severity6.2NVD Advisory· Published Mar 20, 2025· Updated Apr 15, 2026

CVE-2024-8982

CVE-2024-8982

Description

A Local File Inclusion (LFI) vulnerability in OpenLLM version 0.6.10 allows attackers to include files from the local server through the web application. This flaw could expose internal server files and potentially sensitive information such as configuration files, passwords, and other critical data. Unauthorized access to critical server files, such as configuration files, user credentials (/etc/passwd), and private keys, can lead to a complete compromise of the system's security. Attackers could leverage the exposed information to further penetrate the network, exfiltrate data, or escalate privileges within the environment.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Bentoml/Openllminferred2 versions
    = 0.6.10+ 1 more
    • (no CPE)range: = 0.6.10
    • (no CPE)range: =0.6.10

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.