haotian-liu/llava Server-Side Request Forgery Vulnerability
Vulnerability
A Server-Side Request Forgery (SSRF) vulnerability exists in haotian-liu/llava, specifically in version git c121f04. This vulnerability enables an attacker to manipulate the server into making HTTP requests to arbitrary URLs. Such exploitation could lead to unauthorized access to sensitive data available only from the server, including AWS metadata credentials.
Impact
Exploitation of this vulnerability could allow attackers to access sensitive server-side data, such as AWS metadata credentials, potentially leading to further exploitation of AWS resources.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 0.2
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
