@AfterSnows
Created October 31, 2024 15:37
CVE-2024-48057
### CVE-2024-48057: Cross-Site Scripting (XSS) and CSRF in LocalAI <= 2.20.1
### Description
LocalAI versions up to and including 2.20.1 are vulnerable to Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). Calling the delete model API with improper parameters produces a one-time stored XSS: the payload is stored temporarily and triggers when a user next accesses the homepage. Combining the stored XSS with the CSRF exposure presents significant security risk, since an attacker may inject malicious scripts or perform unauthorized actions by exploiting both vulnerabilities.
### Vulnerability Type
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
### Vendor of Product
- https://github.com/mudler/localai
### Affected Product Code Base
- LocalAI <= 2.20.1
### Affected Component
- The delete model API in LocalAI, where improper parameter handling leads to a one-time stored XSS and CSRF vulnerability, with the payload executed when the homepage is accessed.
### Attack Type
- Remote
### Impact
- Code Execution, Unauthorized Requests
### Attack Vectors
- The attack exploits the delete model API by passing improper parameters, injecting a stored XSS payload that activates when a user accesses the homepage.
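As an added illustration of the pattern this advisory describes (constructed for this page, not LocalAI's own code): a notice built from the delete-model request parameter is stored once and rendered on the next homepage load, shown unencoded beside an HTML-encoded rendering, together with an Origin check for the state-changing endpoint. The function names, notice wording and the host `localai.example:8080` are assumptions.

```go
package main

import (
	"fmt"
	"html"
	"net/http"
	"net/url"
)

// lastNotice is the one-time ("flash") message shown on the next homepage render.
var lastNotice string

// deleteModel records a failed deletion, copying the caller-supplied model name
// into the notice: the request parameter itself becomes stored content.
func deleteModel(modelName string) {
	lastNotice = "model " + modelName + " was not deleted"
}

// takeNotice returns the pending notice and clears it (delivered exactly once).
func takeNotice() string {
	n := lastNotice
	lastNotice = ""
	return n
}

// renderHomeVulnerable inserts the notice unencoded, so markup inside the model
// name runs in the browser of whoever loads the homepage next.
func renderHomeVulnerable() string {
	return `<div class="notice">` + takeNotice() + `</div>`
}

// renderHomeHardened HTML-encodes the same stored value, so it is shown as text.
func renderHomeHardened() string {
	return `<div class="notice">` + html.EscapeString(takeNotice()) + `</div>`
}

// sameOriginRequest is a CSRF check for a state-changing endpoint: the Origin
// header a browser attaches to cross-site requests must name the site's own host.
func sameOriginRequest(r *http.Request, allowedHost string) bool {
	u, err := url.Parse(r.Header.Get("Origin"))
	return err == nil && u.Host == allowedHost
}

func main() {
	deleteModel(`<img src=x onerror=alert(1)>`) // constructed payload
	fmt.Println(renderHomeVulnerable()) // markup survives intact
	deleteModel(`<img src=x onerror=alert(1)>`)
	fmt.Println(renderHomeHardened()) // markup arrives as &lt;img ...&gt;
}
```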
### Reference
- https://rumbling-slice-eb0.notion.site/LocalAI-deleted-model-with-storage-XSS-CSRF-vulnerability-in-mudler-localai-101e3cda9e8c80e0ac12fe418d5dd982?pvs=4
### Discoverer
- Aftersnows, hrp