CVE-2024-9311

A Cross-Site Request Forgery (CSRF) vulnerability in haotian-liu/llava v1.2.0 (LLaVA-1.6) allows an attacker to upload files with malicious content without authentication or user interaction. The uploaded file is stored in a predictable path, enabling the attacker to execute arbitrary JavaScript code in the context of the victim's browser by visiting the crafted file URL. This can lead to theft of sensitive information, session hijacking, or other actions compromising the security and privacy of the victim.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://huntr.com/bounties/15b18b85-5a6b-43e7-bc65-6b4772871e98	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:hliu:large_language_and_vision_assistant:1.2.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-03-20 10:15

Updated : 2025-04-07 14:54

NVD link : CVE-2024-9311

Mitre link : CVE-2024-9311

CVE.ORG link : CVE-2024-9311

JSON object : View

Products Affected

hliu

large_language_and_vision_assistant

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2024-9311", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2025-03-20T10:15:47.980", "references": [{"url": "https://huntr.com/bounties/15b18b85-5a6b-43e7-bc65-6b4772871e98", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-352"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "A Cross-Site Request Forgery (CSRF) vulnerability in haotian-liu/llava v1.2.0 (LLaVA-1.6) allows an attacker to upload files with malicious content without authentication or user interaction. The uploaded file is stored in a predictable path, enabling the attacker to execute arbitrary JavaScript code in the context of the victim's browser by visiting the crafted file URL. This can lead to theft of sensitive information, session hijacking, or other actions compromising the security and privacy of the victim."}, {"lang": "es", "value": "Una vulnerabilidad de Cross-Site Request Forgery (CSRF) en haotian-liu/llava v1.2.0 (LLaVA-1.6) permite a un atacante cargar archivos con contenido malicioso sin autenticaci\u00f3n ni interacci\u00f3n del usuario. El archivo cargado se almacena en una ruta predecible, lo que permite al atacante ejecutar c\u00f3digo JavaScript arbitrario en el navegador de la v\u00edctima al visitar la URL del archivo manipulado. Esto puede provocar el robo de informaci\u00f3n confidencial, el secuestro de sesi\u00f3n u otras acciones que comprometan la seguridad y la privacidad de la v\u00edctima."}], "lastModified": "2025-04-07T14:54:12.453", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hliu:large_language_and_vision_assistant:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16359AF7-BEEE-464E-9B76-3D47F6635EE8"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}