PT-2025-12273 · Haotian Liu · Llava
Published: 2025-03-20 · Updated: 2025-03-20
CVE-2024-9308
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
haotian-liu/llava version v1.2.0
Description
A remote unauthenticated attacker can redirect users to arbitrary websites via a specially crafted URL, potentially leading to phishing attacks, malware distribution, and credential theft.
Recommendations
For haotian-liu/llava version v1.2.0, consider restricting access to the vulnerable URL redirection mechanism until a patch is available. As a temporary workaround, avoid using specially crafted URLs that may lead to unauthorized redirects.
Exploit
Fix
Open Redirect
Affected Products
Llava