CVE-2024-5181
NONE EPSS 84.0%
Published Jun 26, 2024 2y ago
Last Modified Jun 17, 2026 2w ago
Description
A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend parameter in the configuration file, which is used in the name of the initialized process. An attacker can exploit this vulnerability by manipulating the path of the vulnerable binary file specified in the backend parameter, allowing the execution of arbitrary code on the system. This issue is due to improper neutralization of special elements used in an OS command, leading to potential full control over the affected system.
Threat Intelligence
EPSS Exploit Probability
84.0% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available
Weaknesses 1
CWE-78 OS Command Injection
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| mudler | localai | 2.14.0 | any |
References 2
- github.com https://github.com/mudler/localai/commit/1a3dedece06cab1acc3332055d285ac540a47f0e
- huntr.com https://huntr.com/bounties/c6e3cb58-6fa4-4207-bb92-ae7644174661
Remediation
- github.com https://github.com/mudler/localai/commit/1a3dedece06cab1acc3332055d285ac540a47f0e