Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AI Plugin: Command injection in audioToWav in mudler/localai #554

Open
devampkid opened this issue Nov 27, 2024 · 1 comment
Open

AI Plugin: Command injection in audioToWav in mudler/localai #554

devampkid opened this issue Nov 27, 2024 · 1 comment
Assignees
@devampkid
Labels
ai-bounty-prp Identify an AI bounty plugin Contributor main The main issue a contributor is working on (top of the contribution queue). PRP:Accepted

Comments

@devampkid
Copy link

Hi, I'm excited to start contributing to the tsunami ecosystem with my first AI plugin.

I saw this request as very complicated to implement a plugin for: #551
but there is a CVE-2024-2029 for the same repository which I think I can implement according to the tsunami plugin capabilities.

The Exploit and description are available here: https://huntr.com/bounties/e092528a-ce3b-4e66-9b98-3f56d6b276b0.

According to the original report, the exploit is a simple HTTP POST request.

  1. first we get the model names since the exploit needs the model name first.: curl http://localhost:8080/models
  2. then we run the exploit according to the original report, the RCE is reflective so we don't need an out-of-band check too.
@maoning maoning added the ai-bounty-prp Identify an AI bounty plugin label Dec 3, 2024
@maoning maoning added PRP:Accepted Contributor main The main issue a contributor is working on (top of the contribution queue). labels Dec 3, 2024
@maoning
Copy link
Collaborator

maoning commented Dec 3, 2024

@devampkid ,

Thank you for the request, you can start working on this.

Please complete the following items before starting the plugin improvement work:

This was referenced Dec 5, 2024
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@devampkid devampkid

Labels
ai-bounty-prp Identify an AI bounty plugin Contributor main The main issue a contributor is working on (top of the contribution queue). PRP:Accepted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@maoning @devampkid