Platform
python
Component
haotian-liu/llava
CVE-2024-11449 is a Server-Side Request Forgery (SSRF) vulnerability discovered in haotian-liu/llava versions up to 1.2.0 (LLaVA-1.6). This flaw allows attackers to craft malicious requests targeting the /run/predict endpoint, potentially leading to unauthorized access to internal resources. Affected users should immediately review their deployments and implement the recommended mitigations. A patch is pending.
The SSRF vulnerability in LLaVA allows an attacker to manipulate the application into making requests to unintended destinations. By crafting specific requests to the /run/predict endpoint, an attacker can potentially access internal network services that are not directly exposed to the internet. A particularly concerning scenario involves accessing the AWS metadata endpoint (169.254.169.254), which could expose sensitive information such as AWS credentials and instance details. This could lead to complete compromise of the underlying infrastructure. The blast radius extends to any internal resources accessible from the LLaVA server.
CVE-2024-11449 was publicly disclosed on 2025-03-20. There is no indication of this vulnerability being actively exploited at this time. No public proof-of-concept (PoC) code has been released. The vulnerability is not currently listed on the CISA KEV catalog. The ease of exploitation is moderate, as it requires understanding of SSRF techniques and the LLaVA application's architecture.
Organizations deploying LLaVA in environments with access to sensitive internal resources, particularly those utilizing AWS infrastructure, are at significant risk. Shared hosting environments where LLaVA is deployed alongside other applications could also be vulnerable, as an attacker could potentially leverage the SSRF vulnerability to access resources belonging to other tenants.
• python / server:

```python
import urllib.parse

# Hosts that must never be reachable through the /run/predict path parameter.
# The AWS instance metadata endpoint is the case this advisory describes.
BLOCKED_HOSTS = {'169.254.169.254'}


def check_ssrf(url):
    """Print whether the given URL points at a blocked internal host.

    Uses parsed.hostname rather than netloc so that a port suffix
    (e.g. 169.254.169.254:80) or embedded credentials do not bypass the check.
    """
    try:
        parsed_url = urllib.parse.urlparse(url)
        host = (parsed_url.hostname or '').lower()
        if host in BLOCKED_HOSTS:
            print(f"Potential SSRF detected: {url}")
        else:
            print(f"URL is safe: {url}")
    except ValueError as e:
        print(f"Error parsing URL: {e}")


# Example usage
check_ssrf('http://169.254.169.254/latest/meta-data/')
```

• generic web:

```sh
curl -I 'http://your-llava-server/run/predict?path=http://169.254.169.254/latest/meta-data/'
```

Examine the response headers and body for any signs of internal network access.
disclosure
Exploit status
EPSS
0.15% (35th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-11449 is to implement robust input validation on the /run/predict endpoint. Specifically, the path parameter should be strictly validated to prevent attackers from injecting malicious URLs. Consider implementing a whitelist of allowed domains or using a URL sanitization library. Network segmentation can also limit the potential impact by restricting the LLaVA server's access to internal resources. While a direct patch is pending, restricting outbound network access to only necessary services is a crucial temporary measure. Monitor the haotian-liu/llava repository for updates and apply the fix as soon as it becomes available. After applying mitigations, verify by attempting to access the AWS metadata endpoint through the /run/predict endpoint and confirming access is denied.
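The allowlist-plus-validation approach described above, as an added example that is not code from the LLaVA project: the function below is what a server-side check on the path parameter could look like. The allowlist host `images.example.com`, the `validate_fetch_url` name and the injectable `resolver` argument are assumptions for illustration; the check also rejects hosts that resolve to link-local, loopback or private addresses so that a DNS name pointing at 169.254.169.254 is caught as well.

```python
import ipaddress
import socket
from urllib.parse import urlparse

# Hypothetical allowlist of hosts the deployment legitimately fetches from.
ALLOWED_HOSTS = {"images.example.com"}
ALLOWED_SCHEMES = {"http", "https"}


def is_public_ip(ip_str):
    """True only for globally routable addresses; link-local (169.254.0.0/16),
    loopback, RFC 1918 and other special ranges are all rejected."""
    ip = ipaddress.ip_address(ip_str)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def validate_fetch_url(url, resolver=socket.gethostbyname):
    """Return (ok, detail) for a candidate path parameter value.

    detail is the resolved IP on success, or the rejection reason. The caller
    should connect to the returned IP (with the Host header set) rather than
    re-resolving the name, so a DNS rebind between check and fetch is not possible.
    """
    try:
        parsed = urlparse(url)
    except ValueError as e:
        return False, f"unparseable URL: {e}"
    if parsed.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parsed.scheme!r}"
    if parsed.username or parsed.password:
        return False, "credentials in URL are not allowed"
    host = parsed.hostname          # lowercased, port and userinfo stripped
    if not host:
        return False, "missing host"
    if host not in ALLOWED_HOSTS:
        return False, f"host not in allowlist: {host}"
    try:
        ip = resolver(host)
    except OSError as e:
        return False, f"name resolution failed: {e}"
    if not is_public_ip(ip):
        return False, f"host resolves to non-public address {ip}"
    return True, ip


if __name__ == "__main__":
    # Constructed inputs: the metadata URL from the advisory and an allowed host.
    print(validate_fetch_url("http://169.254.169.254/latest/meta-data/"))
    print(validate_fetch_url("https://images.example.com/cat.png",
                             resolver=lambda h: "93.184.216.34"))
```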
Update the LLaVA library to a patched version that fixes the SSRF vulnerability in the /run/predict endpoint. Check the release notes or changelog to identify the version that contains the fix. As a temporary measure, implement robust validation of user input in the /run/predict endpoint to prevent path manipulation.
CVE-2024-11449 is a Server-Side Request Forgery (SSRF) vulnerability affecting LLaVA versions up to 1.2.0, allowing attackers to potentially access internal resources through the /run/predict endpoint.
If you are using LLaVA version 1.2.0 or earlier, you are potentially affected by this vulnerability. Assess your environment and implement mitigations immediately.
The recommended fix is to validate the path parameter in the /run/predict endpoint and restrict outbound network access. A patch is pending from the vendor.
There is currently no evidence of CVE-2024-11449 being actively exploited, but it is crucial to implement mitigations proactively.
Refer to the haotian-liu/llava repository on GitHub for updates and advisories related to CVE-2024-11449.