HIGH🇵🇱 Wersja polska

CVE-2024-6983

CVSS 8.8v3.0pub. 2024-09-27upd. 2025-07-10

mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs not only from the configuration file but also from other inputs, allowing an attacker to upload a binary file and execute malicious code. This can lead to the attacker gaining full control over the system.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Mudler Localai

    APP
    Mudler
    2.17.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2024-6868CRITICAL9.8PL ✓ten sam produkt

Podatność tarslip w LocalAI umożliwiająca RCE przez arbitralny zapis pliku

CVE-2024-5181CRITICAL9.8PL ✓ten sam produkt

Command injection w LocalAI — pełne przejęcie systemu przez parametr backend

CVE-2024-5182CRITICAL9.1PL ✓ten sam produkt

Path traversal w LocalAI umożliwiający usuwanie dowolnych plików

CVE-2024-2029CRITICAL9.8PL ✓ten sam produkt

Command injection w mudler/LocalAI — endpoint transkrypcji audio

CVE-2024-9900MEDIUM6.1ten sam produkt

mudler/localai version v2.21.1 contains a Cross-Site Scripting (XSS) vulnerability in its search functionality...