Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Timing Attack in mudler/localai
Vulnerability Description
mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the cryptosystem by analyzing the time taken to execute cryptographic algorithms. Specifically, in the context of password handling, an attacker can determine valid login credentials based on the server's response time, potentially leading to unauthorized access.
CVSS Information
N/A
Vulnerability Type
通过时间差异性导致的信息暴露
Vulnerability Title
LocalAI 信息泄露漏洞
Vulnerability Description
LocalAI是Ettore Di Giacinto个人开发者的一个免费的、开源的 OpenAI 替代方案。 LocalAI 2.17.1版本存在信息泄露漏洞,该漏洞源于容易受到定时攻击,允许攻击者通过分析执行加密算法所需的时间来破坏密码系统。
CVSS Information
N/A
Vulnerability Type
N/A