VYPR

Go modules package

github.com/go-skynet/localai

pkg:golang/github.com/go-skynet/localai

Vulnerabilities (3)

  • CVE-2024-5182Jun 19, 2024
    affected < 2.16.0fixed 2.16.0

    A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated `model` parameter, an attacker can trave

  • CVE-2024-2029Apr 10, 2024
    affected < 2.10.0fixed 2.10.0

    A command injection vulnerability exists in the `TranscriptEndpoint` of mudler/localai, specifically within the `audioToWav` function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenam

  • CVE-2024-3135Apr 1, 2024
    affected <= 2.7.0

    A Cross-Site Request Forgery (CSRF) vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited by a victim, perform unauthorized actions on the victim's local LocalAI instance without their consent. This vulnerability