
AVID-2026-R1584

Description

SSRF and Partial LFI in /models/apply Endpoint in mudler/localai (CVE-2024-6095)

Details

A vulnerability in the /models/apply endpoint of mudler/localai version 2.15.0 allows Server-Side Request Forgery (SSRF) and partial Local File Inclusion (LFI). The endpoint accepts both http(s):// and file:// URLs; the file:// scheme can be used for LFI, although the amount of file content disclosed is limited by the length of the error message that returns it. The vulnerability can be exploited by an attacker with network access to the LocalAI instance, potentially allowing unauthorized access to internal HTTP(S) servers and partial reading of local files. The issue is fixed in version 2.17.

Reason for inclusion in AVID: CVE-2024-6095 describes a network-accessible SSRF and partial LFI in the /models/apply endpoint of mudler/localai, an AI model-serving component. This directly concerns AI software used to deploy and run general-purpose AI systems (model serving/runtime). It is a security vulnerability in a software package that is part of the AI stack, with potential impact on internal services and local data. The issue is mitigated in a newer version (2.17). This satisfies AI relevance, GPAI supply-chain scope, and security impact with sufficient evidence.
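The class of check that closes both halves of this issue, as an added defender-side example that is not code from the LocalAI project or from the advisory: a hypothetical ValidateModelSource function that refuses every scheme except http(s) (so file:// never reaches a file read) and rejects hosts that resolve to loopback, link-local or private addresses; the resolver is injected and the hostnames in fakeLookup are constructed for offline use.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
)
// isInternal reports whether ip is loopback, unspecified, link-local or private
// (RFC 1918 / ULA): the address ranges an SSRF uses to reach internal services.
func isInternal(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsUnspecified() || ip.IsLinkLocalUnicast() || ip.IsPrivate()
}

// ValidateModelSource (hypothetical) accepts only http(s) URLs whose resolved addresses
// are all publicly routable; file:// and every other scheme is refused. The resolver is
// injected so the check runs offline; in production pass net.LookupIP.
func ValidateModelSource(raw string, lookup func(string) ([]net.IP, error)) error {
	u, err := url.Parse(raw)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") {
		return fmt.Errorf("model source must be an http(s) URL, got %q", raw)
	}
	ips, err := lookup(u.Hostname())
	if err != nil {
		return fmt.Errorf("cannot resolve %q: %w", u.Hostname(), err)
	}
	for _, ip := range ips {
		if isInternal(ip) {
			return fmt.Errorf("%q resolves to internal address %s", u.Hostname(), ip)
		}
	}
	return nil
}

// fakeLookup is a constructed offline resolver: literal IPs resolve to themselves; two made-up hosts map to a public (TEST-NET-3) and a private address.
func fakeLookup(host string) ([]net.IP, error) {
	if ip := net.ParseIP(host); ip != nil {
		return []net.IP{ip}, nil
	}
	table := map[string]string{"models.example.com": "203.0.113.10", "intranet.example": "10.0.0.5"}
	if a, ok := table[host]; ok {
		return []net.IP{net.ParseIP(a)}, nil
	}
	return nil, errors.New("no such host")
}

func main() {
	fmt.Println(ValidateModelSource("https://models.example.com/m.yaml", fakeLookup)) // <nil>
	fmt.Println(ValidateModelSource("file:///tmp/m.yaml", fakeLookup))                // rejected: not http(s)
}
```

Checking the resolved address and then letting the HTTP client resolve the name again leaves a DNS-rebinding window, so a production fix also pins the outbound connection to the validated IP (for example through a custom net.Dialer) and disables or re-validates redirects, which this snippet omits.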

References

Affected or Relevant Artifacts

  • Developer: mudler
  • Deployer: mudler
  • Artifact Details:
      Type     Name
      System   mudler/localai

Impact

AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0100: Software Vulnerability
  • Lifecycle stages: L06: Deployment

CVSS

Version: 3.0
Vector String: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Base Score: 5.8
Base Severity: 🟠 Medium
Attack Vector: NETWORK
Attack Complexity: 🟢 Low
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: 🟢 Low
Integrity Impact: NONE
Availability Impact: NONE

CWE

ID        Description
CWE-918   Server-Side Request Forgery (SSRF)

Other information

  • Report Type: Advisory
  • Credits:
  • Date Reported: 2024-07-06
  • Version: 0.3.3
  • AVID Entry