Unrated severityNVD Advisory· Published Mar 20, 2025· Updated Mar 20, 2025

Server-Side Request Forgery in haotian-liu/llava

CVE-2024-12068

Description

A Server-Side Request Forgery (SSRF) vulnerability was discovered in haotian-liu/llava, affecting version git c121f04. This vulnerability allows an attacker to make the server perform HTTP requests to arbitrary URLs, potentially accessing sensitive data that is only accessible from the server, such as AWS metadata credentials.

Affected products

Haotian Liu/Haotian Liu/llavav5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

huntr.com/bounties/9d0b908d-63cd-4d62-91ff-6ceef3183752mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000