Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-9308

An open redirect vulnerability in haotian-liu/llava version v1.2.0 (LLaVA-1.6) allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft.

Published

2025-03-20T10:15:47.733

Last Modified

2025-07-15T15:46:41.473

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.0: 6.1 (MEDIUM)

Weaknesses

Type: Secondary
CWE-601

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hliu	llava	1.2.0	Yes

References

https://huntr.com/bounties/6233a165-a435-464d-915c-4c7510ffbf82 Exploit, Third Party Advisory ([email protected])