Free Trial

CVE-2024-6983 : MUDLER LOCALAI UP TO 2.19.3 CONFIGURATION FILE CODE INJECTION

Description

mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not only from the configuration file but also from other inputs, allowing an attacker to upload a binary file and execute malicious code. This can lead to the attacker gaining full control over the system.

References

https://huntr.com/bounties/f91fb287-412e-4c89-87df-9e4b6e609647

https://github.com/mudler/localai/commit/d02a0f6f01d5c4a926a2d67190cb55d7aca23b66

For More Information

CVERecord

Common Vulnerabilityies and Exposures

CVE-2024-6983 : MUDLER LOCALAI UP TO 2.19.3 CONFIGURATION FILE CODE INJECTION
CVE-2024-6983 : MUDLER LOCALAI UP TO 2.19.3 CONFIGURATION FILE CODE INJECTION

Contact us to get started

CVE-2024-33368 : PLASMOAPP RPSHARE FABRIC MOD 1.0.0 DOWNLOADPROMPTSCREEN BUILD OS COMMAND INJECTION

CVE-2024-33368 : PLASMOAPP RPSHARE FABRIC MOD 1.0.0 DOWNLOADPROMPTSCREEN BUILD OS COMMAND INJECTION

Description An issue in Plasmoapp RPShare Fabric mod v.1.0.0 allows a remote attacker to execute arbitrary code via the build

Learn more
CVE-2024-39275 : ADVANTECH ADAM-5630 UP TO 2.5.1 PERSISTENT COOKIES CONTAINING SENSITIVE INFORMATION

CVE-2024-39275 : ADVANTECH ADAM-5630 UP TO 2.5.1 PERSISTENT COOKIES CONTAINING SENSITIVE INFORMATION

Description Cookies of authenticated Advantech ADAM-5630 users remain as active valid cookies when a session is closed. Forging requests with

Learn more
CVE-2024-46257 : NGINXPROXYMANAGER 2.11.3 REQUESTLETSENCRYPTSSLWITHDNSCHALLENGE COMMAND INJECTION

CVE-2024-46257 : NGINXPROXYMANAGER 2.11.3 REQUESTLETSENCRYPTSSLWITHDNSCHALLENGE COMMAND INJECTION

Description A Command injection vulnerability in requestLetsEncryptSslWithDnsChallenge in NginxProxyManager 2.11.3 allows an attacker to achieve remote code execution via Add

Learn more