CVE-2024-10225

{"id": "CVE-2024-10225", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-20T10:15:15.237", "references": [{"url": "https://huntr.com/bounties/cd793f83-f122-432b-83e7-1cc8c78817b7", "tags": ["Exploit", "Third Party Advisory"], "source": "security@huntr.dev"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in haotian-liu/llava v1.2.0 allows an attacker to cause a Denial of Service (DoS) by appending a large number of characters to the end of a multipart boundary in a file upload request. This causes the server to continuously process each character, rendering the application inaccessible."}, {"lang": "es", "value": "Una vulnerabilidad en haotian-liu/llava v1.2.0 permite a un atacante provocar una denegaci\u00f3n de servicio (DoS) a\u00f1adiendo una gran cantidad de caracteres al final de un l\u00edmite multiparte en una solicitud de carga de archivos. Esto provoca que el servidor procese continuamente cada car\u00e1cter, lo que hace que la aplicaci\u00f3n sea inaccesible."}], "lastModified": "2025-07-11T20:41:35.977", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hliu:llava:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA8441D0-4B74-4A31-A510-10D145447709"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}