CVE-2024-5181

NONE EPSS 84.0%
Published Jun 26, 2024 (2y ago) · Modified Jun 17, 2026 (2w ago)

Description

A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend parameter in the configuration file, which is used in the name of the initialized process. An attacker can exploit this vulnerability by manipulating the path of the vulnerable binary file specified in the backend parameter, allowing the execution of arbitrary code on the system. This issue is due to improper neutralization of special elements used in an OS command, leading to potential full control over the affected system.

Threat Intelligence

EPSS Exploit Probability: 84.0% percentile
Exploit & Patch Status: Public Exploit Known, Patch Available

Weaknesses 1

CWE-78 OS Command Injection

Affected Products 1

Vendor  Product  Version  Range
mudler  localai  2.14.0   any

References 2

  • github.com https://github.com/mudler/localai/commit/1a3dedece06cab1acc3332055d285ac540a47f0e
    Patch
  • huntr.com https://huntr.com/bounties/c6e3cb58-6fa4-4207-bb92-ae7644174661
    Exploit, Third Party Advisory

Remediation

  • github.com https://github.com/mudler/localai/commit/1a3dedece06cab1acc3332055d285ac540a47f0e
    Patch