Severity: Medium

Product: localai

SSRF and Partial LFI in /models/apply Endpoint

The vulnerability in the /models/apply endpoint of LocalAI version 2.15.0 allows for SSRF and partial LFI attacks. It was patched in version 2.17.

Available publicly on Jul 06 2024

CVSS score: 5.8

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Credit: sev-hack

Threat Overview

The /models/apply endpoint in LocalAI version 2.15.0 is vulnerable to Server-Side Request Forgery (SSRF) and Local File Inclusion (LFI). The endpoint accepts both http(s):// and file:// schemes, which can be exploited by an attacker with network access. The SSRF vulnerability allows an attacker to make arbitrary HTTP requests to internal servers, potentially exposing sensitive information. The LFI vulnerability allows only limited reading of local files, because file contents are disclosed solely through an error message of bounded length.

Attack Scenario

An attacker with network access to the LocalAI instance can exploit the SSRF vulnerability by sending a request to the /models/apply endpoint with a crafted URL parameter. This allows the attacker to scan internal ports and potentially access internal services. Additionally, the attacker can exploit the LFI vulnerability by sending a request with a file:// URL to read local files, although the output is limited.
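A URL gate of the kind that closes both paths described above, refusing file:// outright and refusing http(s) targets that resolve to internal addresses, as an added example written for this page rather than LocalAI's own code or its 2.17 fix; the function name, the injected resolver and the sample hosts are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
)

// ValidateModelURL accepts only http(s) URLs whose host resolves to a non-internal address
// and returns the vetted IPs; callers must dial those IPs rather than re-resolve the name
// (DNS rebinding). lookup is the resolver, injected so it can be stubbed offline.
func ValidateModelURL(raw string, lookup func(host string) ([]net.IP, error)) ([]net.IP, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, fmt.Errorf("unparseable URL: %w", err)
	}
	// file:// is the LFI vector on this endpoint; anything but http(s) is refused.
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, fmt.Errorf("scheme %q not allowed", u.Scheme)
	}
	host := u.Hostname()
	if host == "" {
		return nil, errors.New("missing host")
	}
	var ips []net.IP
	if ip := net.ParseIP(host); ip != nil {
		ips = []net.IP{ip} // literal address: no lookup needed
	} else if ips, err = lookup(host); err != nil || len(ips) == 0 {
		return nil, fmt.Errorf("cannot resolve %q", host)
	}
	for _, ip := range ips {
		// loopback, link-local, unspecified and RFC 1918 / ULA ranges are all internal
		if ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() ||
			ip.IsUnspecified() || ip.IsPrivate() {
			return nil, fmt.Errorf("host %q resolves to internal address %s", host, ip)
		}
	}
	return ips, nil
}

func main() {
	// Constructed resolver: every name maps to a public TEST-NET-3 address.
	public := func(string) ([]net.IP, error) { return []net.IP{net.ParseIP("203.0.113.10")}, nil }
	for _, raw := range []string{"https://models.example.org/m.yaml", "file:///some/local/file", "http://127.0.0.1:8080/"} {
		_, err := ValidateModelURL(raw, public)
		fmt.Printf("%-40s -> %v\n", raw, err)
	}
}
```

The scheme check alone would still let an http:// URL reach loopback or RFC 1918 services, which is why the resolved addresses are vetted and handed back for the actual dial.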

Who is affected

Users running LocalAI version 2.15.0 or earlier without proper network segmentation or additional authentication mechanisms are affected by this vulnerability.

Technical Report