CVE-2024-10225

High CVSS: 7.5

A vulnerability in haotian-liu/llava v1.2.0 allows an attacker to cause a Denial of Service (DoS) by appending a large number of characters to the end of a multipart boundary in a file upload request. This causes the server to continuously process each character, rendering the application inaccessible.

Vendor

Hliu

Product

Llava

CWE

CWE-770

Yayın Tarihi

2025-03-20 10:15:15

Güncelleme

2025-10-15 13:15:34

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-770 Llava HIGH Hliu 2025

Referanslar

https://huntr.com/bounties/cd793f83-f122-432b-83e7-1cc8c78817b7

Benzer Kayıtlar

Medium

CVE-2024-9308

An open redirect vulnerability in haotian-liu/llava version v1.2.0 (LLaVA-1.6) allows a remote unauthenticated attacker…

Critical

CVE-2024-9309

A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Contro…

Medium

CVE-2024-9311

A Cross-Site Request Forgery (CSRF) vulnerability in haotian-liu/llava v1.2.0 (LLaVA-1.6) allows an attacker to upload f…

High

CVE-2024-12068

A Server-Side Request Forgery (SSRF) vulnerability was discovered in haotian-liu/llava, affecting version git c121f04. T…

High

CVE-2024-12070

A Denial of Service (DoS) vulnerability exists in the file upload feature of haotian-liu/llava, specifically in Release…

High

CVE-2024-12065

A local file inclusion vulnerability exists in haotian-liu/llava at commit c121f04. This vulnerability allows an attacke…