AVID-2026-R1594

Description

Arbitrary File Write in mudler/LocalAI (CVE-2024-6868)

Details

mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., .tar), these archives are automatically extracted after downloading. This behavior can be exploited to perform a ‘tarslip’ attack, allowing files to be written to arbitrary locations on the server, bypassing checks that normally restrict files to the models directory. This vulnerability can lead to remote code execution (RCE) by overwriting backend assets used by the server.
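A pre-extraction gate for the tarslip pattern described above, written as an added example: it is not LocalAI's code or its actual fix. The names `safeTarget` and `auditTar` and the default `models` destination are assumptions for illustration, and the check conservatively refuses every link entry instead of resolving it.

```go
package main

import (
	"archive/tar"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// safeTarget maps a tar entry to a path under dest; links, special files and escaping names are errors.
func safeTarget(dest string, hdr *tar.Header) (string, error) {
	if hdr.Typeflag != tar.TypeReg && hdr.Typeflag != tar.TypeDir {
		return "", fmt.Errorf("entry %q: type %q refused", hdr.Name, hdr.Typeflag)
	}
	root := filepath.Clean(dest)
	target := filepath.Join(root, hdr.Name) // Join also resolves ".." segments
	if filepath.IsAbs(hdr.Name) || !strings.HasPrefix(target, root+string(os.PathSeparator)) {
		return "", fmt.Errorf("entry %q escapes %s", hdr.Name, root)
	}
	return target, nil
}

// auditTar reads the whole archive, writes nothing, and returns one finding per unsafe entry.
func auditTar(dest string, r io.Reader) ([]string, error) {
	var findings []string
	tr := tar.NewReader(r)
	for hdr, err := tr.Next(); err != io.EOF; hdr, err = tr.Next() {
		if err != nil {
			return findings, err
		}
		if _, err := safeTarget(dest, hdr); err != nil {
			findings = append(findings, err.Error())
		}
	}
	return findings, nil
}

func main() { // reads a tar on stdin; optional argument: destination directory
	dest := "models" // assumed directory name, for illustration only
	if len(os.Args) > 1 {
		dest = os.Args[1]
	}
	findings, err := auditTar(dest, os.Stdin)
	if err != nil || len(findings) > 0 {
		fmt.Fprintf(os.Stderr, "refusing to extract: findings=%q err=%v\n", findings, err)
		os.Exit(1)
	}
}
```

Extraction should proceed only when `auditTar` returns no findings and no error, and should write each file to the path `safeTarget` returns, not to the raw entry name.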

Reason for inclusion in AVID: The CVE describes an arbitrary file write vulnerability in mudler/LocalAI, a runtime/tool used to run AI models. This directly concerns AI systems, affects a component used to deploy/run AI workloads, poses a security risk (potential RCE), and the report provides explicit CVE details, impact, and references. Therefore it is relevant to the general-purpose AI software supply chain and has sufficient evidence for AVID curation.

References

Affected or Relevant Artifacts

  • Developer: mudler
  • Deployer: mudler
  • Artifact Details:
      Type: System
      Name: mudler/localai

Impact

AVID Taxonomy Categorization

  • Risk domains: Security
  • SEP subcategories: S0100: Software Vulnerability
  • Lifecycle stages: L06: Deployment

CVSS

  • Version: 3.0
  • Vector String: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
  • Base Score: 8.1
  • Base Severity: 🔴 High
  • Attack Vector: NETWORK
  • Attack Complexity: 🟢 Low
  • Privileges Required: 🟢 Low
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: 🔴 High
  • Availability Impact: 🔴 High

CWE

  • ID: CWE-59
  • Description: CWE-59 Improper Link Resolution Before File Access

Other information

  • Report Type: Advisory
  • Credits:
  • Date Reported: 2024-10-29
  • Version: 0.3.3
  • AVID Entry