Vulnerabilities > Mudler > Localai > Critical

DATE CVE VULNERABILITY TITLE RISK
2024-10-29 CVE-2024-6868 Unspecified vulnerability in Mudler Localai 2.17.1
mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction.
network
low complexity
mudler
critical
 9.8
9.8
2024-06-20 CVE-2024-5182 Unspecified vulnerability in Mudler Localai
A path traversal vulnerability exists in mudler/localai version 2.14.0, where an attacker can exploit the `model` parameter during the model deletion process to delete arbitrary files.
network
low complexity
mudler
critical
 9.1
9.1