CVE-2024-12065
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
20/03/2025
Last modified:
20/03/2025
Description
A local file inclusion vulnerability exists in haotian-liu/llava at commit c121f04. This vulnerability allows an attacker to access any file on the system by sending multiple crafted requests to the server. The issue is due to improper input validation in the gradio web UI component.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH