CVE-2024-5616
published 2024-07-06


Priority: P4 (17)
Severity: medium
CVSS 3.0 base score: 4.3 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
EPSS: 0.24% (15.2th percentile)
A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and including 2.15.0, which allows attackers to trick victims into deleting installed models. By crafting a malicious HTML page, an attacker can cause the deletion of a model, such as 'gpt-4-vision-preview', without the victim's consent. The vulnerability is due to insufficient CSRF protection mechanisms on the model deletion functionality.

Affected (2 ranges)

Vendor    Product          Version range             Fixed in
mudler    localai          <= 2.15.0                 -
mudler    mudler_localai   >= unspecified, < 2.17    2.17