Skip to content

Commit b565e8e

Browse files
Merge pull request #601 from frkngksl:mudlerRCE
PiperOrigin-RevId: 807857134 Change-Id: Ibfe9e4500783827e3536a5b17861b50d98abb85b
2 parents 64fd45e + 3ee3b2c commit b565e8e

8 files changed

Lines changed: 852 additions & 0 deletions

File tree

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
# Mudler LocalAI RCE CVE-2024-6983 Detector
2+
3+
Mudler LocalAI versions before 2.19.4 are vulnerable to remote code execution.
4+
The vulnerability arises because the localai backend receives inputs not only
5+
from the configuration file but also from other inputs, allowing an attacker to
6+
upload a binary file and execute malicious code. This can lead to the attacker
7+
gaining full control over the system.
8+
9+
- https://huntr.com/bounties/f91fb287-412e-4c89-87df-9e4b6e609647
10+
- https://sightline.protectai.com/vulnerabilities/b182990f-02ea-49d0-9fad-61030cbe6460/assess
11+
12+
## Build jar file for this plugin
13+
14+
Using `gradlew`:
15+
16+
```shell
17+
./gradlew jar
18+
```
19+
20+
Tsunami identifiable jar file is located at `build/libs` directory.
Lines changed: 38 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,38 @@
1+
plugins {
2+
id 'java-library'
3+
}
4+
5+
description = 'Tsunami CVE-2024-6983 VulnDetector plugin.'
6+
group 'com.google.tsunami'
7+
version '0.0.1-SNAPSHOT'
8+
9+
10+
repositories {
11+
maven { // The google mirror is less flaky than mavenCentral()
12+
url 'https://maven-central.storage-download.googleapis.com/repos/central/data/'
13+
}
14+
mavenCentral()
15+
mavenLocal()
16+
}
17+
18+
def coreRepoBranch = System.getenv("GITBRANCH_TSUNAMI_CORE") ?: "stable"
19+
def tcsRepoBranch = System.getenv("GITBRANCH_TSUNAMI_TCS") ?: "stable"
20+
21+
dependencies {
22+
implementation("com.google.tsunami:tsunami-common") {
23+
version { branch = "${coreRepoBranch}" }
24+
}
25+
implementation("com.google.tsunami:tsunami-plugin") {
26+
version { branch = "${coreRepoBranch}" }
27+
}
28+
implementation("com.google.tsunami:tsunami-proto") {
29+
version { branch = "${coreRepoBranch}" }
30+
}
31+
32+
testImplementation "junit:junit:4.13.2"
33+
testImplementation "org.mockito:mockito-core:5.18.0"
34+
testImplementation "com.google.truth:truth:1.4.4"
35+
testImplementation "com.squareup.okhttp3:mockwebserver:3.12.0"
36+
testImplementation "com.google.truth.extensions:truth-java8-extension:1.4.4"
37+
testImplementation "com.google.truth.extensions:truth-proto-extension:1.4.4"
38+
}
Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
rootProject.name = 'CVE-2024-6983'
2+
3+
def coreRepository = System.getenv("GITREPO_TSUNAMI_CORE") ?: "https://github.com/google/tsunami-security-scanner.git"
4+
def tcsRepository = System.getenv("GITREPO_TSUNAMI_TCS") ?: "https://github.com/google/tsunami-security-scanner-callback-server.git"
5+
6+
sourceControl {
7+
gitRepository("${coreRepository}") {
8+
producesModule("com.google.tsunami:tsunami-common")
9+
producesModule("com.google.tsunami:tsunami-plugin")
10+
producesModule("com.google.tsunami:tsunami-proto")
11+
}
12+
}
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,27 @@
1+
/*
2+
* Copyright 2024 Google LLC
3+
*
4+
* Licensed under the Apache License, Version 2.0 (the "License");
5+
* you may not use this file except in compliance with the License.
6+
* You may obtain a copy of the License at
7+
*
8+
* http://www.apache.org/licenses/LICENSE-2.0
9+
*
10+
* Unless required by applicable law or agreed to in writing, software
11+
* distributed under the License is distributed on an "AS IS" BASIS,
12+
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13+
* See the License for the specific language governing permissions and
14+
* limitations under the License.
15+
*/
16+
17+
package com.google.tsunami.plugins.detectors.cves.cve20246983;
18+
19+
import com.google.tsunami.plugin.PluginBootstrapModule;
20+
21+
/** An CVE-2024-6983 Guice module that bootstraps the {@link Cve20246983VulnDetector}. */
22+
public class Cve20246983DetectorBootstrapModule extends PluginBootstrapModule {
23+
@Override
24+
protected void configurePlugin() {
25+
registerPlugin(Cve20246983VulnDetector.class);
26+
}
27+
}

0 commit comments

Comments
 (0)