CVE-2024-9900: Stored XSS Vulnerability in Muddler’s LocalAI

Author
Updated: December 6th, 2024
2 mins read
stored-xss-vulnerability-in-muddler-localai

Product Name: Dynamic Dashboard
Vulnerability: Stored XSS
Vulnerable Version: >= 3.0.0, < 3.0.1
CVE: CVE-2024-47817

Astra Security researchers identified a vulnerability in LocalAI, an Open-Source OpenAI alternative. The vulnerability, CVE-2024-9900, is a stored Cross-Site Scripting issue affecting the LocalAI v2.21.1 prompts, which allow malicious scripts and payloads to be input.

A stored Cross-Site Scripting vulnerability allows users to inject malicious code into the application, in this case, the prompts used to run LLMs and generate images or audio, and this piece of code persists in the application and is triggered every time a user interacts with the infected web page.

CVE-2024-9900: Technical Breakdown

How Was It Discovered?

Astra researchers scanned the software for security vulnerabilities and discovered that the user input was not properly sanitized, allowing the injection of malicious scripts.

During the analysis, <audio> tags were used to embed the audio files along with the ondurationchange attribute to trigger the final XSS payload.

ondurationchange=prompt.valueOf()(1)

How To Recreate This Vulnerability?

Enter Payload:

  • Insert the following audio payload into the target input field:
    "'"><audio controls ondurationchange=prompt.valueOf()(1) id=dalfox><source src=1.mp3 type=audio/mpeg></audio>"

Submit Request:

  • Submit the search request or form containing the payload.

Observe Rendering:

  • After submission, observe the rendered webpage to see if the audio player appears.
  • When the payload is injected into a webpage, and the audio player is rendered, the browser loads the mp3 file.
  • As the audio file is recognized, the ondurationchange event fires.
  • The event handler (prompt.valueOf()(1)) executes, causing a prompt box to appear with the number 1.

Impact of Stored XSS

This vulnerability, rated medium with a CVSS score of 5.4, results in executing arbitrary JavaScript code in the context of the user’s session. Potentially steal session cookies, redirect users to malicious websites, or manipulate the DOM, compromising the overall security of users and the integrity of the web application.

Unlike reflected XSS, stored XSS is persistent and can be used for malware and ransomware deployment. Malicious scripts can modify the content on web pages, presenting misleading information or making it hard for users to identify malicious content and engage with it.

Current Status 

The development team behind the LocalAi application has mitigated the stored XSS vulnerability with their v2.22.0 release. Users still using older versions are advised to upgrade to the latest version to avoid misuse of the vulnerability.

What Can You Do?

To avoid potential exploitation, users are strongly advised to update Mudler/LocalAI to the latest version, which includes essential security patches.