Vulnerability Information
Vulnerability Title
Cross-Site Request Forgery to XSS in haotian-liu/llava
Vulnerability Description
A Cross-Site Request Forgery (CSRF) vulnerability in haotian-liu/llava v1.2.0 (LLaVA-1.6) allows an attacker to upload files with malicious content without authentication or user interaction. The uploaded file is stored in a predictable path, enabling the attacker to execute arbitrary JavaScript code in the context of the victim's browser by visiting the crafted file URL. This can lead to theft of sensitive information, session hijacking, or other actions compromising the security and privacy of the victim.
CVSS Information
N/A
Vulnerability Type
Cross-Site Request Forgery (CSRF)
Vulnerability Title
LLaVA Cross-Site Request Forgery Vulnerability
Vulnerability Description
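LLaVA is an application by the individual developer Haotian Liu. LLaVA v1.2.0 contains a cross-site request forgery vulnerability. The vulnerability stems from cross-site request forgery and may allow an attacker to upload malicious files and execute arbitrary JavaScript code.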
CVSS Information
N/A
Vulnerability Type
N/A