Security Advisory

CVE-2024-12065

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-20 10:09:49
Last updated 2025-10-15 12:49:29
Assigner @huntr_ai
State PUBLISHED

Description

A local file inclusion vulnerability exists in haotian-liu/llava at commit c121f04. This vulnerability allows an attacker to access any file on the system by sending multiple crafted requests to the server. The issue is due to improper input validation in the gradio web UI component.