Go modules package
github.com/go-skynet/localai
pkg:golang/github.com/go-skynet/localai
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-5182 | — | | | < 2.16.0 | 2.16.0 | Jun 19, 2024 | A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated `model` parameter, an attacker can trave |
| CVE-2024-2029 | — | | | < 2.10.0 | 2.10.0 | Apr 10, 2024 | A command injection vulnerability exists in the `TranscriptEndpoint` of mudler/localai, specifically within the `audioToWav` function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenam |
| CVE-2024-3135 | — | | | <= 2.7.0 | — | Apr 1, 2024 | A Cross-Site Request Forgery (CSRF) vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited by a victim, perform unauthorized actions on the victim's local LocalAI instance without their consent. This vulnerability |