CVE-2024-12070
- EPSS 0.35%
- Published 20.03.2025 10:11:17
- Last modified 14.07.2025 17:45:20
A Denial of Service (DoS) vulnerability exists in the file upload feature of haotian-liu/llava, specifically in Release v1.2.0 (LLaVA-1.6). The vulnerability is due to improper handling of form-data with a large filename in the file upload request. B...
CVE-2024-9311
- EPSS 0.03%
- Published 20.03.2025 10:10:24
- Last modified 07.04.2025 14:54:12
A Cross-Site Request Forgery (CSRF) vulnerability in haotian-liu/llava v1.2.0 (LLaVA-1.6) allows an attacker to upload files with malicious content without authentication or user interaction. The uploaded file is stored in a predictable path, enablin...
CVE-2024-11449
- EPSS 0.15%
- Published 20.03.2025 10:08:53
- Last modified 14.07.2025 17:36:26
A vulnerability in haotian-liu/llava version 1.2.0 (LLaVA-1.6) allows for Server-Side Request Forgery (SSRF) through the /run/predict endpoint. An attacker can gain unauthorized access to internal networks or the AWS metadata endpoint by sending craf...