CVE-2024-6868

Name of the Vulnerable Software and Affected Versions mudler/LocalAI version 2.17.1

Description The issue arises from improper handling of automatic archive extraction in model configurations. When archives (e.g., .tar) are specified, they are automatically extracted after downloading, potentially allowing for a 'tarslip' attack. This can enable writing files to arbitrary server locations, bypassing normal restrictions to the models directory. The issue can lead to remote code execution (RCE) by overwriting backend assets.

Recommendations For mudler/LocalAI version 2.17.1, consider disabling automatic archive extraction until a patch is available to prevent potential exploitation. Restrict access to model configurations that specify additional files as archives to minimize the risk of arbitrary file writes.