CVE-2024-10225

Published: Mar 20, 2025Modified: Oct 15, 2025

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: security@huntr.dev (Secondary)

Description

A vulnerability in haotian-liu/llava v1.2.0 allows an attacker to cause a Denial of Service (DoS) by appending a large number of characters to the end of a multipart boundary in a file upload request. This causes the server to continuously process each character, rendering the application inaccessible.

Affected (1)

Products: Hliu: Llava

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hliu Llava	Version 1.2.0

Related CWEs

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (1)

https://huntr.com/bounties/cd793f83-f122-432b-83e7-1cc8c78817b7

Source: security@huntr.dev

ExploitThird Party Advisory

Timeline

No history available yet.