Lucene search
K

43 matches found

cvelist
cvelist
added 2025/03/20 10:10 a.m.12 views

CVE-2024-9308 Open Redirect in haotian-liu/llava

An open redirect vulnerability in haotian-liu/llava version v1.2.0 LLaVA-1.6 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft...

6.1CVSS0.00489EPSS
Exploits1References1
cve
cve
added 2025/03/20 10:10 a.m.46 views

CVE-2024-9308

The CVE-2024-9308 entry concerns an open redirect in haotian-liu/llava v1.2.0 (LLaVA-1.6). The vulnerability stems from an open redirect that allows a remote, unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. Documented impact mentions phishing, malware...

6.1CVSS7.1AI score0.00489EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2025/03/20 10:10 a.m.12 views

CVE-2024-9311 Cross-Site Request Forgery to XSS in haotian-liu/llava

A Cross-Site Request Forgery CSRF vulnerability in haotian-liu/llava v1.2.0 LLaVA-1.6 allows an attacker to upload files with malicious content without authentication or user interaction. The uploaded file is stored in a predictable path, enabling the attacker to execute arbitrary JavaScript code...

6.1CVSS0.00199EPSS
Exploits1References1
cve
cve
added 2025/03/20 10:10 a.m.49 views

CVE-2024-9311

The vulnerability CVE-2024-9311 affects haotian-liu/llava v1.2.0 (LLaVA-1.6). A CSRF flaw lets an attacker upload files with malicious content without authentication, storing them in a predictable path and enabling arbitrary JavaScript execution in the victim’s browser when visiting the crafted f...

6.1CVSS7.6AI score0.00199EPSS
Exploits1References1Affected Software1
vulnrichment
vulnrichment
added 2025/03/20 10:9 a.m.6 views

CVE-2024-12065 Local File Inclusion in haotian-liu/llava

A local file inclusion vulnerability exists in haotian-liu/llava at commit c121f04. This vulnerability allows an attacker to access any file on the system by sending multiple crafted requests to the server. The issue is due to improper input validation in the gradio web UI component...

7.5CVSS7.3AI score0.00873EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/03/20 10:9 a.m.7 views

CVE-2024-9309 SSRF in POST /worker_generate_stream API endpoint in haotian-liu/llava

A Server-Side Request Forgery SSRF vulnerability exists in the POST /workergeneratestream API endpoint of the Controller API Server in haotian-liu/llava version v1.2.0 LLaVA-1.6. This vulnerability allows attackers to exploit the victim Controller API Server's credentials to perform unauthorized...

9.3CVSS9.2AI score0.00473EPSS
Exploits1References1
cve
cve
added 2025/03/20 10:9 a.m.79 views

CVE-2024-9309

CVE-2024-9309 is a Server-Side Request Forgery (SSRF) affecting the Controller API Server of haotian-liu/llava v1.2.0 (LLaVA-1.6). The vulnerability exists in the POST /worker_generate_stream endpoint and could allow an attacker to leverage the server’s credentials to perform unauthorized web act...

9.3CVSS9.2AI score0.00473EPSS
Exploits1References1Affected Software1
vulnrichment
vulnrichment
added 2025/03/20 10:8 a.m.7 views

CVE-2024-12068 Server-Side Request Forgery in haotian-liu/llava

A Server-Side Request Forgery SSRF vulnerability was discovered in haotian-liu/llava, affecting version git c121f04. This vulnerability allows an attacker to make the server perform HTTP requests to arbitrary URLs, potentially accessing sensitive data that is only accessible from the server, such...

7.5CVSS7.5AI score0.00646EPSS
Exploits1References1
cvelist
cvelist
added 2025/03/20 10:8 a.m.10 views

CVE-2024-12068 Server-Side Request Forgery in haotian-liu/llava

A Server-Side Request Forgery SSRF vulnerability was discovered in haotian-liu/llava, affecting version git c121f04. This vulnerability allows an attacker to make the server perform HTTP requests to arbitrary URLs, potentially accessing sensitive data that is only accessible from the server, such...

7.5CVSS0.00646EPSS
Exploits1References1
cve
cve
added 2025/03/20 10:8 a.m.44 views

CVE-2024-12068

CVE-2024-12068 affects haotian-liu/llava (Git commit c121f04). The vulnerability is a Server-Side Request Forgery (SSRF) that lets the server perform HTTP requests to arbitrary URLs, potentially exposing data only reachable from the server, such as AWS metadata credentials. A PoC/exploitation wor...

7.5CVSS7.5AI score0.00646EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2025/03/20 10:8 a.m.9 views

CVE-2024-10225 Denial of Service in haotian-liu/llava

A vulnerability in haotian-liu/llava v1.2.0 allows an attacker to cause a Denial of Service DoS by appending a large number of characters to the end of a multipart boundary in a file upload request. This causes the server to continuously process each character, rendering the application...

7.5CVSS0.00588EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2025/03/20 10:8 a.m.6 views

CVE-2024-10225 Denial of Service in haotian-liu/llava

A vulnerability in haotian-liu/llava v1.2.0 allows an attacker to cause a Denial of Service DoS by appending a large number of characters to the end of a multipart boundary in a file upload request. This causes the server to continuously process each character, rendering the application...

7.5CVSS7.5AI score0.00588EPSS
Exploits1References1
cve
cve
added 2025/03/20 10:8 a.m.55 views

CVE-2024-10225

CVE-2024-10225 affects haotian-liu/llava v1.2.0. The vulnerability allows a Denial of Service by appending a large number of characters to the end of a multipart boundary in a file upload request, causing the server to process each character and render the application inaccessible. The CVSS metri...

7.5CVSS7.5AI score0.00588EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2025/03/20 10:8 a.m.12 views

CVE-2024-11449 Server-Side Request Forgery in haotian-liu/llava

A vulnerability in haotian-liu/llava version 1.2.0 LLaVA-1.6 allows for Server-Side Request Forgery SSRF through the /run/predict endpoint. An attacker can gain unauthorized access to internal networks or the AWS metadata endpoint by sending crafted requests that exploit insufficient validation o...

7.5CVSS0.00646EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2025/03/20 12:0 a.m.5 views

PT-2025-12107 · Llava · Llava

Name of the Vulnerable Software and Affected Versions: haotian-liu/llava version 1.2.0 Description: A vulnerability allows for Server-Side Request Forgery SSRF through the "/run/predict" endpoint. An attacker can gain unauthorized access to internal networks or the AWS metadata endpoint by sendin...

7.5CVSS7.6AI score0.00646EPSS
Exploits1References4
cnnvd
cnnvd
added 2025/03/20 12:0 a.m.5 views

LLaVA 代码问题漏洞

LLaVA is an application by Haotian Liu, a personal developer. A code issue vulnerability exists in LLaVA v1.2.0, which stems from a server-side request forgery in the POST /workergeneratestream API endpoint that could lead to unauthorized network operations...

9.3CVSS9.2AI score0.00473EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/03/20 12:0 a.m.5 views

LLaVA 代码问题漏洞

LLaVA is an application by Haotian Liu, an individual developer. A code issue vulnerability exists in LLaVA that stems from server-side request forgery, which could lead to the disclosure of sensitive data...

7.5CVSS7.5AI score0.00646EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/03/20 12:0 a.m.4 views

LLaVA 输入验证错误漏洞

LLaVA is an application by the individual developer Haotian Liu. An input validation error vulnerability exists in LLaVA v1.2.0, which stems from an open redirect and could allow a remote, unauthenticated attacker to redirect users to arbitrary websites...

6.1CVSS6.3AI score0.00489EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/03/20 12:0 a.m.4 views

LLaVA 安全漏洞

LLaVA is an application by the individual developer Haotian Liu. A security vulnerability exists in LLaVA v1.2.0, which stems from improper handling of form-data in a file upload request and could lead to a denial of service attack...

7.5CVSS7.5AI score0.00811EPSS
Exploits1References1
cnnvd
cnnvd
added 2025/03/20 12:0 a.m.5 views

LLaVA 资源管理错误漏洞

LLaVA is an application by Haotian Liu, an individual developer. A resource management error vulnerability exists in LLaVA v1.2.0, which stems from a file upload request being mishandled, which could lead to a denial of service...

7.5CVSS7.5AI score0.00588EPSS
Exploits1References1
Rows per page
Query Builder