haotian-liu LLaVA Open Redirect Vulnerability

Vulnerability

An open redirect vulnerability has been identified in haotian-liu/llava version v1.2.0 (LLaVA-1.6). It allows remote, unauthenticated attackers to redirect users to arbitrary websites by using a specially crafted URL. Such exploitation could be used for phishing, malware distribution, or credential theft.

Impact

Exploitation of this vulnerability could lead to unauthorized redirection of users, exposing them to phishing, malware distribution, or credential theft.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.8
exploitability: 7.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.