Hliu: >> Llava >> 2024-05-11 Security Vulnerabilities
A Server-Side Request Forgery (SSRF) vulnerability was discovered in haotian-liu/llava, affecting version git c121f04. This vulnerability allows an attacker to make the server perform HTTP requests to arbitrary URLs, potentially accessing sensitive data that is only accessible from the server, such as AWS metadata credentials.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-03-20
A local file inclusion vulnerability exists in haotian-liu/llava at commit c121f04. This vulnerability allows an attacker to access any file on the system by sending multiple crafted requests to the server. The issue is due to improper input validation in the gradio web UI component.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-03-20