mudler/localai
Fixed in
2.19.4
CVE-2024-6983 is a critical Remote Code Execution (RCE) vulnerability discovered in mudler/localai. This flaw allows attackers to upload and execute arbitrary code on vulnerable systems, leading to complete compromise. The vulnerability affects versions of localai up to and including 2.17.1. A fix is available in version 2.19.4.
The impact of CVE-2024-6983 is severe. An attacker exploiting this vulnerability can execute arbitrary commands with the privileges of the localai process. This could involve installing malware, stealing sensitive data, modifying system configurations, or establishing a persistent backdoor. Given localai's potential use in local development and testing environments, a successful exploit could compromise developer machines and potentially lead to supply chain attacks if malicious code is integrated into applications. The ability to execute arbitrary code grants the attacker a high degree of control over the affected system.
CVE-2024-6983 was published on 2024-09-27. The vulnerability's nature (RCE via file upload) aligns with common attack vectors. Public proof-of-concept (PoC) code is likely to emerge, increasing the risk of exploitation. The KEV status is currently unknown. Monitor security advisories and threat intelligence feeds for updates on exploitation activity.
Developers and system administrators using localai for local development, testing, or deployment are at risk. Environments where localai is exposed to untrusted networks or external users are particularly vulnerable. Users relying on older versions of localai (≤2.17.1) without robust input validation measures are also at heightened risk.
• linux / server:
journalctl -u localai | grep -i "uploading executable"
• generic web:
curl -I http://<localai_host>/upload | grep Content-Type
• go: Inspect the localai source code for insecure file-handling functions. Look for functions that directly execute uploaded files without proper validation.
disclosure
Exploit status
EPSS
4.95% (90th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-6983 is to upgrade to version 2.19.4 or later. If upgrading immediately is not feasible, consider implementing temporary workarounds. Restrict file upload capabilities within localai to only trusted sources. Implement strict input validation to prevent the upload of executable files. Monitor system logs for suspicious file uploads or command execution attempts. Consider using a Web Application Firewall (WAF) to filter potentially malicious requests. After upgrading, confirm the fix by attempting to upload a test file and verifying that it is rejected.
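The workaround above (restrict uploads, validate input so executable content is never accepted, keep logs of rejections) is easier to reason about with concrete code. The following Go program is an added illustration written for this page; it is not LocalAI's own upload code and makes no claim about how the vulnerable handler was written. The extension allowlist, the list of executable magic numbers, the form field name `file` and the `/upload` route are all assumptions chosen for the example.

```go
package main

import (
	"bytes"
	"fmt"
	"log"
	"net/http"
	"os"
	"path/filepath"
	"strings"
)

// Hypothetical allowlist of artefact types a model server might accept.
// Anything not listed here is refused before it touches the disk.
var allowedExt = map[string]bool{".gguf": true, ".yaml": true, ".yml": true, ".json": true}

// Magic numbers of common executable containers (constructed, not exhaustive):
// ELF, PE/DOS, interpreter scripts, and Mach-O in both byte orders.
var execMagic = [][]byte{
	{0x7f, 'E', 'L', 'F'},
	{'M', 'Z'},
	{'#', '!'},
	{0xfe, 0xed, 0xfa, 0xce}, {0xfe, 0xed, 0xfa, 0xcf},
	{0xce, 0xfa, 0xed, 0xfe}, {0xcf, 0xfa, 0xed, 0xfe},
}

// ValidateUpload applies the three checks the advisory asks for: the name must be a
// single path component, the extension must be allowlisted, and the content must
// not start like an executable. It returns nil only when all three pass.
func ValidateUpload(name string, content []byte) error {
	if name == "" || name == "." || name == ".." || strings.ContainsAny(name, "/\\\x00") {
		return fmt.Errorf("rejecting %q: filename must be a single path component", name)
	}
	if !allowedExt[strings.ToLower(filepath.Ext(name))] {
		return fmt.Errorf("rejecting %q: extension not in allowlist", name)
	}
	for _, m := range execMagic {
		if bytes.HasPrefix(content, m) {
			return fmt.Errorf("rejecting %q: content starts with executable magic %x", name, m)
		}
	}
	return nil
}

// StoreUpload writes validated content into dir. O_EXCL refuses to overwrite an
// existing file and mode 0600 guarantees the stored file is never executable.
func StoreUpload(dir, name string, content []byte) (string, error) {
	if err := ValidateUpload(name, content); err != nil {
		return "", err
	}
	dst := filepath.Join(dir, name)
	f, err := os.OpenFile(dst, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if err != nil {
		return "", err
	}
	defer f.Close()
	if _, err := f.Write(content); err != nil {
		return "", err
	}
	return dst, nil
}

// UploadHandler is a hypothetical endpoint wired to the checks above. Rejections are
// logged so the journalctl review suggested earlier on this page has something to find.
func UploadHandler(dir string, maxBytes int64) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		r.Body = http.MaxBytesReader(w, r.Body, maxBytes)
		if err := r.ParseMultipartForm(maxBytes); err != nil {
			http.Error(w, "request too large or malformed", http.StatusBadRequest)
			return
		}
		file, hdr, err := r.FormFile("file")
		if err != nil {
			http.Error(w, "missing file field", http.StatusBadRequest)
			return
		}
		defer file.Close()
		var buf bytes.Buffer
		if _, err := buf.ReadFrom(file); err != nil {
			http.Error(w, "could not read upload", http.StatusBadRequest)
			return
		}
		dst, err := StoreUpload(dir, hdr.Filename, buf.Bytes())
		if err != nil {
			log.Printf("upload rejected from %s: %v", r.RemoteAddr, err)
			http.Error(w, "upload rejected", http.StatusBadRequest)
			return
		}
		fmt.Fprintf(w, "stored %s\n", filepath.Base(dst))
	}
}

func main() {
	dir, err := os.MkdirTemp("", "uploads")
	if err != nil {
		log.Fatal(err)
	}
	http.Handle("/upload", UploadHandler(dir, 1<<30))
	// Bind to loopback only: the advisory's first workaround is to keep the endpoint off untrusted networks.
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", nil))
}
```

Two design points matter for the post-upgrade verification step the paragraph mentions: the content check runs on the bytes, not the declared `Content-Type`, so a renamed binary is still refused; and the handler never executes or interprets what it stores, which is the property the fix in 2.19.4 is meant to restore. Uploading a file that begins with an ELF or `#!` header should produce a 400 response and a "upload rejected" line in the log.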
Upgrade to a version later than 2.17.1 that contains the fix for the remote code execution vulnerability. Consult the release notes and changelog for details on the upgrade and the security measures implemented.
CVE-2024-6983 is a critical Remote Code Execution vulnerability in localai versions up to 2.17.1, allowing attackers to execute arbitrary code on the system.
You are affected if you are using localai version 2.17.1 or earlier. Check your version and upgrade immediately.
Upgrade to localai version 2.19.4 or later to resolve the vulnerability. Implement temporary workarounds if immediate upgrade is not possible.
While active exploitation is not yet confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of exploitation attempts.
Refer to the official localai project repository and security advisories for the latest information and updates regarding CVE-2024-6983.