Fixed version
2.19.4
CVE-2024-6983 is a critical Remote Code Execution (RCE) vulnerability discovered in mudler/localai. This flaw allows attackers to upload and execute arbitrary code on vulnerable systems, leading to complete compromise. The vulnerability affects versions of localai up to and including 2.17.1. A fix is available in version 2.19.4.
The impact of CVE-2024-6983 is severe. An attacker exploiting this vulnerability can execute arbitrary commands with the privileges of the localai process. This could involve installing malware, stealing sensitive data, modifying system configurations, or establishing a persistent backdoor. Given localai's potential use in local development and testing environments, a successful exploit could compromise developer machines and potentially lead to supply chain attacks if malicious code is integrated into applications. The ability to execute arbitrary code grants the attacker a high degree of control over the affected system.
CVE-2024-6983 was published on 2024-09-27. The vulnerability's nature (RCE via file upload) aligns with common attack vectors. Public proof-of-concept (PoC) code is likely to emerge, increasing the risk of exploitation. The KEV status is currently unknown. Monitor security advisories and threat intelligence feeds for updates on exploitation activity.
Developers and system administrators using localai for local development, testing, or deployment are at risk. Environments where localai is exposed to untrusted networks or external users are particularly vulnerable. Users relying on older versions of localai (≤2.17.1) without robust input validation measures are also at heightened risk.
• linux / server:
journalctl -u localai | grep -i "uploading executable"
• generic web:
curl -I http://<localai_host>/upload | grep -i content-type
• go: Inspect the localai source code for insecure file handling functions. Look for functions that directly execute uploaded files without proper validation.
disclosure
Exploitation status
EPSS
4.95% (90th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-6983 is to upgrade to version 2.19.4 or later. If upgrading immediately is not feasible, consider implementing temporary workarounds. Restrict file upload capabilities within localai to only trusted sources. Implement strict input validation to prevent the upload of executable files. Monitor system logs for suspicious file uploads or command execution attempts. Consider using a Web Application Firewall (WAF) to filter potentially malicious requests. After upgrading, confirm the fix by attempting to upload a test file and verifying that it is rejected.
Upgrade to a version later than 2.17.1 that contains the fix for the remote code execution vulnerability. Consult the release notes and changelog for more details about the update and the security measures implemented.
CVE-2024-6983 is a critical Remote Code Execution vulnerability in localai versions up to 2.17.1, allowing attackers to execute arbitrary code on the system.
You are affected if you are using localai version 2.17.1 or earlier. Check your version and upgrade immediately.
Upgrade to localai version 2.19.4 or later to resolve the vulnerability. Implement temporary workarounds if immediate upgrade is not possible.
While active exploitation is not yet confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of exploitation attempts.
Refer to the official localai project repository and security advisories for the latest information and updates regarding CVE-2024-6983.