CVE-2024-3135 Information

Description

The web server lacked CSRF tokens, allowing an attacker to host malicious JavaScript on a host that, when visited by a LocalAI user, could allow the attacker to fill disk space to deny service or abuse credits.

Reference

https://huntr.com/bounties/7afdc4d3-4b68-45ea-96d0-cf9ed3712ae8
