haotian-liu llava Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in haotian-liu/llava version 1.2.0. The issue arises when a file is uploaded via a multipart form-data request. An attacker can append a large number of characters to the end of the multipart boundary, causing the server to process each character individually. This excessive processing can overwhelm the application, making it inaccessible for an extended period.

Impact

Exploitation of this vulnerability causes the application to become unresponsive, leading to a 504 Gateway Timeout error. This downtime can last for hours, during which all users on the server are unable to access the application.

Reproduction

To reproduce this vulnerability, upload a file through the '/upload?upload_id=' endpoint. Capture the request with Burp Suite and append a large number of characters, such as dashes, to the end of the multipart boundary. After sending the request, refresh the page. The server will struggle to process the excessive characters, resulting in a timeout error and making the application unavailable.