GHSA-cpcx-r2gq-x893: LocalAI path traversal vulnerability

A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the model parameter during the model deletion process to delete arbitrary files. Specifically, by crafting a request with a manipulated model parameter, an attacker can traverse the directory structure and target files outside of the intended directory, leading to the deletion of sensitive data. This vulnerability is due to insufficient input validation and sanitization of the model parameter.

CVE-2024-5182

High severity • GitHub Reviewed • Published Jun 20, 2024 to the GitHub Advisory Database • Updated Jun 20, 2024

Package: gomod github.com/go-skynet/LocalAI (Go)

Affected versions: < 2.16.0
