Critical

localai

Command Injection Vulnerability in Model Initialization

A command injection vulnerability was identified in LocalAI versions 2.14.0 through 2.15.9, allowing attackers to execute arbitrary code via the backend parameter in a configuration file. This issue was patched in version 2.16.0.

Available publicly on Jun 26 2024

CVSS: 9.8

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Credit: mvlttt

Threat Overview

The vulnerability arises from the improper handling of user-supplied input in the backend parameter of the configuration file. When LocalAI initializes a model, it uses this parameter in the name of the process without adequate sanitization. This flaw enables attackers to specify a path to a vulnerable binary file, leading to arbitrary code execution on the system where LocalAI is running.

Attack Scenario

An attacker creates a malicious configuration file whose backend parameter points to a binary file containing malicious code. When LocalAI processes this configuration to initialize a model, the attacker's code is executed, potentially compromising the system.

Who is affected

Any system running LocalAI versions 2.14.0 through 2.15.9 that processes user-supplied configuration files for model initialization is vulnerable to this attack. This includes environments where users can submit custom models or configurations.
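
A defender-side audit for the condition described above, added here as an example and not taken from LocalAI or its patch: it checks whether a version is in the affected range and flags model configuration text whose backend value is anything other than a bare name. The bare-name pattern, the function names and the sample configuration are assumptions made for this example.

```python
import re

# Affected range stated in the advisory: 2.14.0 through 2.15.9 (patched in 2.16.0).
AFFECTED_MIN, AFFECTED_MAX = (2, 14, 0), (2, 15, 9)

# Assumption: a legitimate backend value is a bare name, never a path.
# Prefer an explicit allowlist of the backends you actually deploy.
SAFE_BACKEND = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")

# Simple line scan (not a full YAML parser): any "backend:" key, nested or in a list.
# Trailing comments are kept in the value on purpose so odd lines fail closed.
BACKEND_LINE = re.compile(r"^\s*(?:-\s+)?backend\s*:\s*(.*?)\s*$")

# Constructed sample input; the path is a placeholder, not a real indicator.
SAMPLE_CONFIG = """\
name: demo-model
backend: ../../path/to/binary
parameters:
  model: demo.gguf
"""


def is_affected(version: str) -> bool:
    """True if a LocalAI version such as 'v2.15.0' falls in the affected range."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognized version: {version!r}")
    return AFFECTED_MIN <= tuple(map(int, m.groups())) <= AFFECTED_MAX


def audit_config(config_text: str) -> list[str]:
    """Return one finding per non-empty backend value that is not a bare name."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        m = BACKEND_LINE.match(line)
        if not m:
            continue
        value = m.group(1).strip("\"'")
        if value and not SAFE_BACKEND.fullmatch(value):
            findings.append(f"line {lineno}: backend is not a bare name: {value!r}")
    return findings


if __name__ == "__main__":
    print("2.15.9 affected:", is_affected("2.15.9"))
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```

Run it over configuration files before they reach a LocalAI instance; a backend line with a trailing comment is reported for manual review instead of being silently accepted.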
