{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T15:33:24.739","vulnerabilities":[{"cve":{"id":"CVE-2024-10225","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:15.237","lastModified":"2025-10-15T13:15:34.420","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in haotian-liu/llava v1.2.0 allows an attacker to cause a Denial of Service (DoS) by appending a large number of characters to the end of a multipart boundary in a file upload request. This causes the server to continuously process each character, rendering the application inaccessible."},{"lang":"es","value":"Una vulnerabilidad en haotian-liu/llava v1.2.0 permite a un atacante provocar una denegación de servicio (DoS) añadiendo una gran cantidad de caracteres al final de un límite multiparte en una solicitud de carga de archivos. Esto provoca que el servidor procese continuamente cada carácter, lo que hace que la aplicación sea inaccesible."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:hliu:llava:1.2.0:*:*:*:*:*:*:*","matchCriteriaId":"EA8441D0-4B74-4A31-A510-10D145447709"}]}]}],"references":[{"url":"https://huntr.com/bounties/cd793f83-f122-432b-83e7-1cc8c78817b7","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]}]}}]}