PT-2025-12122 · Llava · Llava

Published 2025-03-20 · Updated 2025-03-20 · CVE-2024-12070

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

haotian-liu/llava version 1.2.0

Description

A Denial of Service (DoS) issue exists in the file upload feature due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server becomes overwhelmed and unresponsive, leading to unavailability for legitimate users. This issue can be exploited without authentication.

Recommendations

For version 1.2.0, consider restricting access to the file upload feature until a patch is available to prevent exploitation. As a temporary workaround, limit the size of filenames that can be uploaded to prevent the server from becoming overwhelmed.
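One way to apply the filename-size workaround is to vet the multipart stream before the upload parser sees it. The sketch below is an added example, not code from LLaVA or from this advisory; the function name `guard_multipart`, the exception `UploadRejected` and both limits are assumptions chosen for illustration.

```python
import re

# Assumed limits (not from the advisory); tune for the deployment.
MAX_PART_HEADER_BYTES = 4096
MAX_FILENAME_BYTES = 255

class UploadRejected(Exception):
    """Raised as soon as a part header or filename exceeds the limits."""

_FILENAME_RE = re.compile(rb'filename\*?="?([^";\r\n]*)', re.I)

def guard_multipart(chunks, boundary):
    """Yield request-body chunks unchanged, raising UploadRejected early.

    Only a bounded window is buffered, so an oversized filename is
    refused after a few KB instead of being read in full.
    Simplification: the delimiter is matched as b"--" + boundary
    without requiring the preceding CRLF.
    """
    delim = b"--" + boundary
    buf = b""
    in_headers = False
    for chunk in chunks:
        buf += chunk
        while True:
            if in_headers:
                end = buf.find(b"\r\n\r\n")          # end of this part's headers
                block = buf if end < 0 else buf[:end]
                if len(block) > MAX_PART_HEADER_BYTES:
                    raise UploadRejected("part header too large")
                if end < 0:
                    break                            # need more data
                m = _FILENAME_RE.search(block)
                if m and len(m.group(1)) > MAX_FILENAME_BYTES:
                    raise UploadRejected("filename too long")
                buf = buf[end + 4:]
                in_headers = False
            else:
                i = buf.find(delim)
                if i < 0:
                    buf = buf[-len(delim):]          # keep tail for a split delimiter
                    break
                buf = buf[i + len(delim):]
                in_headers = True
        yield chunk                                  # chunk passed the checks
```

Wrap the raw request body iterator with `guard_multipart` ahead of the framework's form parser and map `UploadRejected` to an HTTP 400 or 413 response.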

Exploit

Fix

DoS

Resource Exhaustion


Weakness Enumeration

Related Identifiers

CVE-2024-12070

Affected Products

Llava