CVE-2024-12065

Severity CVSS v4.0:
Pending analysis
Type:
CWE-20 Input Validation
Publication date:
20/03/2025
Last modified:
20/03/2025

Description

A local file inclusion vulnerability exists in haotian-liu/llava at commit c121f04. This vulnerability allows an attacker to access any file on the system by sending multiple crafted requests to the server. The issue is due to improper input validation in the gradio web UI component.

References to Advisories, Solutions, and Tools