CVE-2024-9308
- EPSS 0.18%
- Veröffentlicht 20.03.2025 10:10:36
- Zuletzt bearbeitet 15.07.2025 15:46:41
An open redirect vulnerability in haotian-liu/llava version v1.2.0 (LLaVA-1.6) allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribut...
CVE-2024-12065
- EPSS 0.14%
- Veröffentlicht 20.03.2025 10:09:49
- Zuletzt bearbeitet 21.10.2025 14:47:02
A local file inclusion vulnerability exists in haotian-liu/llava at commit c121f04. This vulnerability allows an attacker to access any file on the system by sending multiple crafted requests to the server. The issue is due to improper input validati...
CVE-2024-9309
- EPSS 0.12%
- Veröffentlicht 20.03.2025 10:09:43
- Zuletzt bearbeitet 15.07.2025 15:46:20
A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in haotian-liu/llava version v1.2.0 (LLaVA-1.6). This vulnerability allows attackers to exploit the victim Control...
CVE-2024-12068
- EPSS 0.12%
- Veröffentlicht 20.03.2025 10:08:58
- Zuletzt bearbeitet 21.10.2025 14:46:49
A Server-Side Request Forgery (SSRF) vulnerability was discovered in haotian-liu/llava, affecting version git c121f04. This vulnerability allows an attacker to make the server perform HTTP requests to arbitrary URLs, potentially accessing sensitive d...
CVE-2024-10225
- EPSS 0.26%
- Veröffentlicht 20.03.2025 10:08:54
- Zuletzt bearbeitet 15.10.2025 13:15:34
A vulnerability in haotian-liu/llava v1.2.0 allows an attacker to cause a Denial of Service (DoS) by appending a large number of characters to the end of a multipart boundary in a file upload request. This causes the server to continuously process ea...