CVE-2024-9901
CVSS 3.0 Score 3.4 of 10 (low)
Details
Published Mar 20, 2025
CWE ID 79
Summary
CVE-2024-9901 is a newly discovered vulnerability affecting LocalAI version 2.19.4. The issue stems from improper neutralization of input in the delete model API during web page generation, which creates a one-time stored cross-site scripting (XSS) vulnerability. An attacker can exploit this weakness to inject malicious payloads that execute when users access the homepage. Furthermore, the presence of cross-site request forgery (CSRF) in the application may enable automated malicious requests, increasing the potential threat to users.