← Back

CVE-2024-12068

nvd nist
Published: Mar 20, 2025Modified: Oct 21, 2025

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: security@huntr.dev (Secondary)

Description

A Server-Side Request Forgery (SSRF) vulnerability was discovered in haotian-liu/llava, affecting version git c121f04. This vulnerability allows an attacker to make the server perform HTTP requests to arbitrary URLs, potentially accessing sensitive data that is only accessible from the server, such as AWS metadata credentials.

Affected (1)

Products: Hliu: Llava
Hliu
1 product
Llava
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Llava
Version 2024-05-11

Related CWEs

CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (1)

Source: security@huntr.dev
ExploitThird Party Advisory

Timeline

No history available yet.