Llava@1.2.0 Security Vulnerabilities and Issues — Llava@1.2.0 CVE List

Lucene search

HliuLlava1.2.0

3 matches found

CVE•added 2025/03/20 10:15 a.m.•62 views

CVE-2024-9309

A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in haotian-liu/llava version v1.2.0 (LLaVA-1.6). This vulnerability allows attackers to exploit the victim Controller API Server's credentials to perform unauthori...

9.3CVSS9.2AI score0.00058EPSS

CVE•added 2025/03/20 10:15 a.m.•36 views

CVE-2024-9308

An open redirect vulnerability in haotian-liu/llava version v1.2.0 (LLaVA-1.6) allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft.

6.1CVSS7.1AI score0.00095EPSS

CVE•added 2025/03/20 10:15 a.m.•35 views

CVE-2024-10225

A vulnerability in haotian-liu/llava v1.2.0 allows an attacker to cause a Denial of Service (DoS) by appending a large number of characters to the end of a multipart boundary in a file upload request. This causes the server to continuously process each character, rendering the application inaccessi...

7.5CVSS7.5AI score0.00176EPSS