PT-2024-38020 · Localai · Localai

Published 2024-09-27 · Updated 2025-07-10 · CVE-2024-6983

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

mudler/localai version 2.17.1

Description

The localai backend accepts input not only from the configuration file but also from other sources, which allows an attacker to upload a binary file and execute malicious code. This can give the attacker full control over the system. The vulnerability is being actively exploited.

Recommendations

For mudler/localai version 2.17.1, update to version 2.17.2, which patches the remote code execution vulnerability in the localai backend and prevents attackers from executing malicious code and gaining control of the system.

Exploit

Fix

RCE

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2024-6983

Affected Products

Localai