Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CSRF Vulnerability in mudler/LocalAI
Vulnerability Description
A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and including 2.15.0, which allows attackers to trick victims into deleting installed models. By crafting a malicious HTML page, an attacker can cause the deletion of a model, such as 'gpt-4-vision-preview', without the victim's consent. The vulnerability is due to insufficient CSRF protection mechanisms on the model deletion functionality.
CVSS Information
N/A
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
LocalAI 安全漏洞
Vulnerability Description
LocalAI是Ettore Di Giacinto个人开发者的一个免费的、开源的 OpenAI 替代方案。 LocalAI 2.15.0 版本及之前版本存在安全漏洞,该漏洞源于存在跨站点请求伪造 (CSRF) 漏洞。攻击者可利用该漏洞诱骗受害者删除已安装的模型。
CVSS Information
N/A
Vulnerability Type
N/A