Every CVE whose affected-product data names Mudler Localai, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2024-6868 — CVSS 9.8 (critical): mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model…
CVE-2024-5181 — CVSS 9.8 (critical): A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of…
CVE-2024-2029 — CVSS 9.8 (critical): A command injection vulnerability exists in the `TranscriptEndpoint` of mudler/localai, specifically within the `audioToWav` function used…
CVE-2024-5182 — CVSS 9.1 (critical): A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the…
CVE-2024-6983 — CVSS 8.8 (high): mudler/localai version 2.17.1 is vulnerable to remote code execution. The vulnerability arises because the localai backend receives inputs…
CVE-2024-3135 — CVSS 6.5 (medium): A Cross-Site Request Forgery (CSRF) vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages…
CVE-2024-9900 — CVSS 6.1 (medium): mudler/localai version v2.21.1 contains a Cross-Site Scripting (XSS) vulnerability in its search functionality. The vulnerability arises…
CVE-2024-48057 — CVSS 6.1 (medium): localai <=2.20.1 is vulnerable to Cross Site Scripting (XSS). When calling the delete model API and passing inappropriate parameters, it…
CVE-2024-7010 — CVSS 5.9 (medium): mudler/localai version 2.17.1 is vulnerable to a Timing Attack. This type of side-channel attack allows an attacker to compromise the…
CVE-2024-6095 — CVSS 5.8 (medium): A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery (SSRF) and partial…
CVE-2024-5616 — CVSS 4.3 (medium): A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and including 2.15.0, which allows attackers to…