43 matches found
CVE-2024-9308 Open Redirect in haotian-liu/llava
An open redirect vulnerability in haotian-liu/llava version v1.2.0 LLaVA-1.6 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft...
CVE-2024-9308
The CVE-2024-9308 entry concerns an open redirect in haotian-liu/llava v1.2.0 (LLaVA-1.6). The vulnerability stems from an open redirect that allows a remote, unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. Documented impact mentions phishing, malware...
CVE-2024-9311 Cross-Site Request Forgery to XSS in haotian-liu/llava
A Cross-Site Request Forgery CSRF vulnerability in haotian-liu/llava v1.2.0 LLaVA-1.6 allows an attacker to upload files with malicious content without authentication or user interaction. The uploaded file is stored in a predictable path, enabling the attacker to execute arbitrary JavaScript code...
CVE-2024-9311
The vulnerability CVE-2024-9311 affects haotian-liu/llava v1.2.0 (LLaVA-1.6). A CSRF flaw lets an attacker upload files with malicious content without authentication, storing them in a predictable path and enabling arbitrary JavaScript execution in the victim’s browser when visiting the crafted f...
CVE-2024-12065 Local File Inclusion in haotian-liu/llava
A local file inclusion vulnerability exists in haotian-liu/llava at commit c121f04. This vulnerability allows an attacker to access any file on the system by sending multiple crafted requests to the server. The issue is due to improper input validation in the gradio web UI component...
CVE-2024-9309 SSRF in POST /worker_generate_stream API endpoint in haotian-liu/llava
A Server-Side Request Forgery SSRF vulnerability exists in the POST /workergeneratestream API endpoint of the Controller API Server in haotian-liu/llava version v1.2.0 LLaVA-1.6. This vulnerability allows attackers to exploit the victim Controller API Server's credentials to perform unauthorized...
CVE-2024-9309
CVE-2024-9309 is a Server-Side Request Forgery (SSRF) affecting the Controller API Server of haotian-liu/llava v1.2.0 (LLaVA-1.6). The vulnerability exists in the POST /worker_generate_stream endpoint and could allow an attacker to leverage the server’s credentials to perform unauthorized web act...
CVE-2024-12068 Server-Side Request Forgery in haotian-liu/llava
A Server-Side Request Forgery SSRF vulnerability was discovered in haotian-liu/llava, affecting version git c121f04. This vulnerability allows an attacker to make the server perform HTTP requests to arbitrary URLs, potentially accessing sensitive data that is only accessible from the server, such...
CVE-2024-12068 Server-Side Request Forgery in haotian-liu/llava
A Server-Side Request Forgery SSRF vulnerability was discovered in haotian-liu/llava, affecting version git c121f04. This vulnerability allows an attacker to make the server perform HTTP requests to arbitrary URLs, potentially accessing sensitive data that is only accessible from the server, such...
CVE-2024-12068
CVE-2024-12068 affects haotian-liu/llava (Git commit c121f04). The vulnerability is a Server-Side Request Forgery (SSRF) that lets the server perform HTTP requests to arbitrary URLs, potentially exposing data only reachable from the server, such as AWS metadata credentials. A PoC/exploitation wor...
CVE-2024-10225 Denial of Service in haotian-liu/llava
A vulnerability in haotian-liu/llava v1.2.0 allows an attacker to cause a Denial of Service DoS by appending a large number of characters to the end of a multipart boundary in a file upload request. This causes the server to continuously process each character, rendering the application...
CVE-2024-10225 Denial of Service in haotian-liu/llava
A vulnerability in haotian-liu/llava v1.2.0 allows an attacker to cause a Denial of Service DoS by appending a large number of characters to the end of a multipart boundary in a file upload request. This causes the server to continuously process each character, rendering the application...
CVE-2024-10225
CVE-2024-10225 affects haotian-liu/llava v1.2.0. The vulnerability allows a Denial of Service by appending a large number of characters to the end of a multipart boundary in a file upload request, causing the server to process each character and render the application inaccessible. The CVSS metri...
CVE-2024-11449 Server-Side Request Forgery in haotian-liu/llava
A vulnerability in haotian-liu/llava version 1.2.0 LLaVA-1.6 allows for Server-Side Request Forgery SSRF through the /run/predict endpoint. An attacker can gain unauthorized access to internal networks or the AWS metadata endpoint by sending crafted requests that exploit insufficient validation o...
PT-2025-12107 · Llava · Llava
Name of the Vulnerable Software and Affected Versions: haotian-liu/llava version 1.2.0 Description: A vulnerability allows for Server-Side Request Forgery SSRF through the "/run/predict" endpoint. An attacker can gain unauthorized access to internal networks or the AWS metadata endpoint by sendin...
LLaVA 代码问题漏洞
LLaVA is an application by Haotian Liu, a personal developer. A code issue vulnerability exists in LLaVA v1.2.0, which stems from a server-side request forgery in the POST /workergeneratestream API endpoint that could lead to unauthorized network operations...
LLaVA 代码问题漏洞
LLaVA is an application by Haotian Liu, an individual developer. A code issue vulnerability exists in LLaVA that stems from server-side request forgery, which could lead to the disclosure of sensitive data...
LLaVA 输入验证错误漏洞
LLaVA is an application by the individual developer Haotian Liu. An input validation error vulnerability exists in LLaVA v1.2.0, which stems from an open redirect and could allow a remote, unauthenticated attacker to redirect users to arbitrary websites...
LLaVA 安全漏洞
LLaVA is an application by the individual developer Haotian Liu. A security vulnerability exists in LLaVA v1.2.0, which stems from improper handling of form-data in a file upload request and could lead to a denial of service attack...
LLaVA 资源管理错误漏洞
LLaVA is an application by Haotian Liu, an individual developer. A resource management error vulnerability exists in LLaVA v1.2.0, which stems from a file upload request being mishandled, which could lead to a denial of service...