CVE-2024-12065

High CVSS: 7.5

A local file inclusion vulnerability exists in haotian-liu/llava at commit c121f04. This vulnerability allows an attacker to access any file on the system by sending multiple crafted requests to the server. The issue is due to improper input validation in the gradio web UI component.

Vendor

Hliu

Product

Llava

CWE

CWE-22

Yayın Tarihi

2025-03-20 10:15:26

Güncelleme

2025-10-21 14:47:02

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-22 Llava HIGH Hliu 2025

Referanslar

https://huntr.com/bounties/0594503c-038f-401c-9127-08be32bfd682

Benzer Kayıtlar

Medium

CVE-2024-9308

An open redirect vulnerability in haotian-liu/llava version v1.2.0 (LLaVA-1.6) allows a remote unauthenticated attacker…

Critical

CVE-2024-9309

A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Contro…

Medium

CVE-2024-9311

A Cross-Site Request Forgery (CSRF) vulnerability in haotian-liu/llava v1.2.0 (LLaVA-1.6) allows an attacker to upload f…

High

CVE-2024-12068

A Server-Side Request Forgery (SSRF) vulnerability was discovered in haotian-liu/llava, affecting version git c121f04. T…

High

CVE-2024-12070

A Denial of Service (DoS) vulnerability exists in the file upload feature of haotian-liu/llava, specifically in Release…

High

CVE-2024-11449

A vulnerability in haotian-liu/llava version 1.2.0 (LLaVA-1.6) allows for Server-Side Request Forgery (SSRF) through the…