CVE-2024-11449 is a Server-Side Request Forgery (SSRF) vulnerability discovered in haotian-liu/llava versions up to 1.2.0 (LLaVA-1.6). This flaw allows attackers to craft malicious requests targeting the /run/predict endpoint, potentially leading to unauthorized access to internal resources. Affected users should immediately review their deployments and implement the recommended mitigations. A patch is pending.
The SSRF vulnerability in LLaVA allows an attacker to manipulate the application into making requests to unintended destinations. By crafting specific requests to the /run/predict endpoint, an attacker can potentially access internal network services that are not directly exposed to the internet. A particularly concerning scenario involves accessing the AWS metadata endpoint (169.254.169.254), which could expose sensitive information such as AWS credentials and instance details. This could lead to complete compromise of the underlying infrastructure. The blast radius extends to any internal resources accessible from the LLaVA server.
CVE-2024-11449 was publicly disclosed on 2025-03-20. There is no indication of this vulnerability being actively exploited at this time. No public proof-of-concept (PoC) code has been released. The vulnerability is not currently listed on the CISA KEV catalog. The ease of exploitation is moderate, as it requires understanding of SSRF techniques and the LLaVA application's architecture.
Exploit Status
EPSS: 0.15% (35th percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2024-11449 is robust input validation on the /run/predict endpoint. Specifically, the path parameter should be strictly validated so that an attacker cannot inject an arbitrary URL. Consider an allowlist of permitted domains, or a URL sanitization library. Network segmentation also limits the potential impact by restricting what the LLaVA server can reach internally. While a direct patch is pending, restricting outbound network access to only the services the server needs is a crucial temporary measure. Monitor the haotian-liu/llava repository for updates and apply the fix as soon as it becomes available. After applying mitigations, verify them by attempting to reach the AWS metadata endpoint through the /run/predict endpoint and confirming that access is denied.
Update the LLaVA library to a patched version that fixes the SSRF vulnerability in the /run/predict endpoint. Check the release notes or changelog to identify the version that includes the fix. As a temporary measure, implement robust user input validation on the /run/predict endpoint to prevent path manipulation.
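The validation described above, as an added example (not code from the LLaVA project): an allowlist check on a URL-style path parameter, followed by a resolution check that rejects hosts pointing at loopback, private or link-local addresses such as the metadata endpoint. The allowlist, the host names and the name table are assumptions constructed so the example runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Hosts the service may fetch from (assumed allowlist for this example).
ALLOWED_HOSTS = {"images.example.org", "cdn.example.org"}

# Constructed name table so the example runs offline; in production
# resolve_host would rely on socket.getaddrinfo alone.
_CONSTRUCTED_DNS = {
    "images.example.org": ["8.8.8.8"],          # any public address works here
    "cdn.example.org": ["169.254.169.254"],     # allowlisted name pointing inward
}


def resolve_host(host):
    """Return every address the host resolves to (constructed table, then real DNS)."""
    if host in _CONSTRUCTED_DNS:
        return _CONSTRUCTED_DNS[host]
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []


def is_internal(ip):
    """True for loopback, RFC 1918, link-local (incl. 169.254.169.254), etc."""
    a = ipaddress.ip_address(ip.split("%")[0])  # drop IPv6 scope id if present
    return (a.is_private or a.is_loopback or a.is_link_local
            or a.is_multicast or a.is_reserved or a.is_unspecified)


def validate_fetch_url(url):
    """Return (ok, reason). Only http(s) URLs whose host is allowlisted and
    resolves exclusively to non-internal addresses are accepted."""
    p = urlsplit(url)
    if p.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if not p.hostname:
        return False, "missing host"
    if p.username or p.password:
        return False, "userinfo not allowed"
    if p.hostname not in ALLOWED_HOSTS:
        return False, "host not in allowlist"
    ips = resolve_host(p.hostname)
    if not ips:
        return False, "host does not resolve"
    for ip in ips:
        if is_internal(ip):
            return False, f"resolves to internal address {ip}"
    return True, "ok"
```

The fetch that follows should connect to the address just validated rather than resolving the name a second time, otherwise a name that changes between check and use bypasses the second test.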
CVE-2024-11449 is a Server-Side Request Forgery (SSRF) vulnerability affecting LLaVA versions up to 1.2.0, allowing attackers to potentially access internal resources through the /run/predict endpoint.
If you are using LLaVA version 1.2.0 or earlier, you are potentially affected by this vulnerability. Assess your environment and implement mitigations immediately.
The recommended fix is to validate the path parameter in the /run/predict endpoint and restrict outbound network access. A patch is pending from the vendor.
There is currently no evidence of CVE-2024-11449 being actively exploited, but it is crucial to implement mitigations proactively.
Refer to the haotian-liu/llava repository on GitHub for updates and advisories related to CVE-2024-11449.