CVE-2024-5616
published 2024-07-06CVE-2024-5616: A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and including 2.15.0, which allows attackers to trick victims into…
PriorityP417medium4.3CVSS 3.0
AVNACLPRNUIRSUCNINAL
EPSS
0.24%
15.2th percentile
A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and including 2.15.0, which allows attackers to trick victims into deleting installed models. By crafting a malicious HTML page, an attacker can cause the deletion of a model, such as 'gpt-4-vision-preview', without the victim's consent. The vulnerability is due to insufficient CSRF protection mechanisms on the model deletion functionality.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mudler | localai | <= 2.15.0 | — |
| mudler | mudler_localai | >= unspecified < 2.17 | 2.17 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-07-06
Published