Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Path Traversal in mudler/localai
Vulnerability Description
A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated `model` parameter, an attacker can traverse the directory structure and target files outside of the intended directory, leading to the deletion of sensitive data. This vulnerability is due to insufficient input validation and sanitization of the `model` parameter.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
LocalAI 路径遍历漏洞
Vulnerability Description
LocalAI是Ettore Di Giacinto个人开发者的一个免费的、开源的 OpenAI 替代方案。 LocalAI 2.14.0版本存在路径遍历漏洞,该漏洞源于存在路径遍历漏洞,攻击者可以在模型删除过程中利用model参数来删除任意文件。
CVSS Information
N/A
Vulnerability Type
N/A