mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., .tar), these archives are automatically extracted after downloading. This behavior can be exploited to perform a 'tarslip' attack, allowing files to be written to arbitrary locations on the server, bypassing checks that normally restrict files to the models directory. This vulnerability can lead to remote code execution (RCE) by overwriting backend assets used by the server.
Metrics
Affected Vendors & Products
References
History
Wed, 13 Nov 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:mudler:localai:2.17.1:*:*:*:*:*:*:* | |
Metrics |
cvssV3_1
|
Tue, 29 Oct 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mudler
Mudler localai |
|
CPEs | cpe:2.3:a:mudler:localai:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mudler
Mudler localai |
|
Metrics |
ssvc
|
Tue, 29 Oct 2024 13:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., .tar), these archives are automatically extracted after downloading. This behavior can be exploited to perform a 'tarslip' attack, allowing files to be written to arbitrary locations on the server, bypassing checks that normally restrict files to the models directory. This vulnerability can lead to remote code execution (RCE) by overwriting backend assets used by the server. | |
Title | Arbitrary File Write in mudler/LocalAI | |
Weaknesses | CWE-20 | |
References |
| |
Metrics |
cvssV3_0
|
MITRE
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-10-29T12:46:54.732Z
Updated: 2024-10-29T13:33:58.219Z
Reserved: 2024-07-17T21:19:44.930Z
Link: CVE-2024-6868
Vulnrichment
Updated: 2024-10-29T13:33:51.795Z
NVD
Status : Analyzed
Published: 2024-10-29T13:15:08.473
Modified: 2024-11-13T14:43:33.037
Link: CVE-2024-6868
Redhat
No data.