{"id":35905,"date":"2024-12-02T21:22:02","date_gmt":"2024-12-02T15:52:02","guid":{"rendered":"https:\/\/www.getastra.com\/blog\/?p=35905"},"modified":"2024-12-06T21:05:23","modified_gmt":"2024-12-06T15:35:23","slug":"cve-2024-9900-stored-xss-vulnerability-in-muddlers-localai","status":"publish","type":"post","link":"https:\/\/www.getastra.com\/blog\/vulnerability\/cve-2024-9900-stored-xss-vulnerability-in-muddlers-localai\/","title":{"rendered":"CVE-2024-9900: Stored XSS Vulnerability in Mudler\u2019s LocalAI"},"content":{"rendered":"<div class=\"gb-container gb-container-e43a8917\">\n<div class=\"gb-container gb-container-284e167f\">\n\n<p class=\"wp-block-paragraph\"><strong>Product Name:<\/strong> Dynamic Dashboard<br><strong>Vulnerability:<\/strong> Stored XSS<br><strong>Vulnerable Version: <\/strong>&gt;= 3.0.0, &lt; 3.0.1<br><strong>CVE:<\/strong> CVE-2024-47817<\/p>\n\n<\/div>\n<\/div>\n\n\n<p class=\"wp-block-paragraph\">Astra Security researchers identified a vulnerability in LocalAI, an Open-Source OpenAI alternative. 
The vulnerability, <strong>CVE-2024-9900<\/strong>, is a stored Cross-Site Scripting issue affecting the LocalAI v2.21.1 prompts, which allow malicious scripts and payloads to be input.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A stored Cross-Site Scripting vulnerability allows users to inject malicious code into the application, in this case into the prompts used to run LLMs and generate images or audio. The injected code persists in the application and is triggered every time a user interacts with the infected web page.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"CVE-2024-9900_Technical_Breakdown\"><\/span>CVE-2024-9900: Technical Breakdown<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">How Was It Discovered?<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Astra researchers scanned the software for security vulnerabilities and discovered that the user input was not properly sanitized, allowing the injection of malicious scripts.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">During the analysis, <code>&lt;audio&gt;<\/code> tags were used to embed the audio files along with the <code><strong>ondurationchange<\/strong><\/code> attribute to trigger the final XSS payload.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong><code>ondurationchange=prompt.valueOf()(1)<\/code><\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How To Recreate This Vulnerability?<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Enter Payload<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Insert the following audio payload into the target input field:<br><strong><code>\"'\"&gt;&lt;audio controls ondurationchange=prompt.valueOf()(1) id=dalfox&gt;&lt;source src=1.mp3 type=audio\/mpeg&gt;&lt;\/audio&gt;\"<\/code><\/strong><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Submit Request<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Submit the search request or form containing the 
payload.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Observe Rendering<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>After submission, observe the rendered webpage to see if the audio player appears.<\/li>\n\n\n\n<li>When the payload is injected into a webpage, and the audio player is rendered, the browser loads the mp3 file.<\/li>\n\n\n\n<li>As the audio file is recognized, the <code><strong>ondurationchange<\/strong><\/code> event fires.<\/li>\n\n\n\n<li>The event handler <strong><code>(prompt.valueOf()(1))<\/code><\/strong> executes, causing a prompt box to appear with the number 1.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Impact_of_Stored_XSS\"><\/span>Impact of Stored XSS<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">This vulnerability, rated medium with a CVSS score of <strong>5.4<\/strong>, results in the execution of arbitrary JavaScript code in the context of the user\u2019s session. An attacker could potentially steal session cookies, redirect users to malicious websites, or manipulate the DOM, compromising the overall security of users and the integrity of the web application.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Unlike reflected XSS, stored XSS is persistent and can be used for malware and ransomware deployment. Malicious scripts can modify the content on web pages, presenting misleading information or making it hard for users to recognize malicious content before engaging with it.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Current_Status\"><\/span>Current Status<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The development team behind the LocalAI application has mitigated the stored XSS vulnerability with their v2.22.0 release. 
Users still using older versions are advised to upgrade to the latest version to avoid misuse of the vulnerability.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_Can_You_Do\"><\/span>What Can You Do?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">To avoid potential exploitation, users are strongly advised to update <a href=\"https:\/\/github.com\/mudler\/LocalAI\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Mudler\/LocalAI<\/a> to the latest version, which includes essential security patches.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Product Name: Dynamic DashboardVulnerability: Stored XSSVulnerable Version: >= 3.0.0, &lt; 3.0.1CVE: CVE-2024-47817 Astra Security researchers identified a vulnerability in LocalAI, an Open-Source OpenAI alternative. The vulnerability, CVE-2024-9900, is a stored Cross-Site Scripting issue affecting the LocalAI v2.21.1 prompts, which allow malicious scripts and payloads to be input. 
A stored Cross-Site Scripting vulnerability allows users to &#8230; <a title=\"CVE-2024-9900: Stored XSS Vulnerability in Mudler\u2019s LocalAI\" class=\"read-more\" href=\"https:\/\/www.getastra.com\/blog\/vulnerability\/cve-2024-9900-stored-xss-vulnerability-in-muddlers-localai\/\" aria-label=\"Read more about CVE-2024-9900: Stored XSS Vulnerability in Mudler\u2019s LocalAI\">Read more<\/a><\/p>\n","protected":false},"author":121,"featured_media":35906,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[723],"tags":[],"class_list":["post-35905","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/35905","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/users\/121"}],"replies":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/comments?post=35905"}],"version-history":[{"count":10,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/35905\/revisions"}],"predecessor-version":[{"id":36081,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/35905\/revisions\/36081"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/media\/35906"}],"wp:attachment":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/media?parent=35905"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/categories?post=35905"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/tags?post=35905"}],"curies":[{"name":"wp","href":"htt
ps:\/\/api.w.org\/{rel}","templated":true}]}}