Large Language And Vision Assistant@1.2.0 Security Vulnerabilities and Issues — Large Language And Vision Assistant@1.2.0 CVE List

Lucene search

HliuLarge Language And Vision Assistant1.2.0

3 matches found

CVE•added 2025/03/20 10:15 a.m.•38 views

CVE-2024-9311

A Cross-Site Request Forgery (CSRF) vulnerability in haotian-liu/llava v1.2.0 (LLaVA-1.6) allows an attacker to upload files with malicious content without authentication or user interaction. The uploaded file is stored in a predictable path, enabling the attacker to execute arbitrary JavaScript co...

6.1CVSS7.6AI score0.00025EPSS

CVE•added 2025/03/20 10:15 a.m.•34 views

CVE-2024-11449

A vulnerability in haotian-liu/llava version 1.2.0 (LLaVA-1.6) allows for Server-Side Request Forgery (SSRF) through the /run/predict endpoint. An attacker can gain unauthorized access to internal networks or the AWS metadata endpoint by sending crafted requests that exploit insufficient validation...

7.5CVSS7.6AI score0.00211EPSS

CVE•added 2025/03/20 10:15 a.m.•33 views

CVE-2024-12070

A Denial of Service (DoS) vulnerability exists in the file upload feature of haotian-liu/llava, specifically in Release v1.2.0 (LLaVA-1.6). The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large fil...

7.5CVSS6.9AI score0.00525EPSS