CVE-2024-6868

Exploit

EPSS 0.63%
Veröffentlicht 29.10.2024 13:15:08
Zuletzt bearbeitet 15.10.2025 13:15:50
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., .tar), these archives are automatically extracted after downloading. This behavior can be exploited to perform a 'tarslip' attack, allowing files to be written to arbitrary locations on the server, bypassing checks that normally restrict files to the models directory. This vulnerability can lead to remote code execution (RCE) by overwriting backend assets used by the server.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mudler ≫ Localai Version2.17.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.63%	0.699

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
security@huntr.dev	8.1	2.8	5.2	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

https://github.com/mudler/localai/commit/a181dd0ebc5d3092fc50f61674d552604fe8ef9c

Patch

https://huntr.com/bounties/752d2376-2d9a-4e17-b462-3c267f9dd229

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-6868

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-6868

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-6868

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-6868