CVE-2024-9309

NONE EPSS 37.4%
Published Mar 20, 20251y ago · Modified Jun 17, 20261w ago
Find Similar
Published Mar 20, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in haotian-liu/llava version v1.2.0 (LLaVA-1.6). This vulnerability allows attackers to exploit the victim Controller API Server's credentials to perform unauthorized web actions or access unauthorized web resources.

Threat Intelligence

EPSS Exploit Probability
37.4% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-918 Server-Side Request Forgery (SSRF) Validation

Affected Products 1

VendorProductVersionRange
hliullava1.2.0any

References 1

  • huntr.com https://huntr.com/bounties/2ba6be79-5c90-48fa-99cb-82503ea49a12
    ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.