Vulnerabilities > Mudler

DATE CVE VULNERABILITY TITLE RISK
2024-10-29 CVE-2024-6868 Unspecified vulnerability in Mudler Localai 2.17.1
mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction.
network
low complexity
mudler
critical
9.8
2024-10-29 CVE-2024-7010 Information Exposure Through Discrepancy vulnerability in Mudler Localai 2.17.1
mudler/localai version 2.17.1 is vulnerable to a Timing Attack.
network
high complexity
mudler CWE-203
5.9
2024-07-06 CVE-2024-6095 Unspecified vulnerability in Mudler Localai
A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery (SSRF) and partial Local File Inclusion (LFI).
network
low complexity
mudler
5.8
2024-06-20 CVE-2024-5182 Unspecified vulnerability in Mudler Localai
A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the model deletion process to delete arbitrary files.
network
low complexity
mudler
critical
9.1