Platform
python
Component
haotian-liu/llava
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the haotian-liu/llava project, specifically within the Controller API Server's /worker_generate_stream endpoint. The flaw lets an attacker make the controller issue web requests to destinations of the attacker's choosing, using the server's network position and credentials to reach resources that are otherwise restricted. It affects versions up to and including v1.2.0 (LLaVA-1.6); a fix is pending.
The impact of the SSRF is the full reach of the Controller API Server. An attacker can make the server perform requests on its behalf, potentially accessing internal resources or external services that only the server can reach. This could include reading confidential data, modifying configurations, or pivoting to further attacks against other systems reachable from the server. Because the forged requests carry the server's credentials, they can bypass authentication controls that trust the caller's identity or network location. The blast radius extends to any service or resource reachable by the Controller API Server.
This vulnerability was publicly disclosed on 2025-03-20. No public proof-of-concept (PoC) code had been released at the time of writing. The CVSS base score of 9.3 reflects the potential impact of a successful attack, not its likelihood; the EPSS estimate on this page (0.12%) puts the short-term probability of exploitation low, but an internet-exposed controller should still be treated as urgent. The vulnerability is not currently listed in the CISA KEV catalog.
Exploit Status
EPSS: 0.12% (30th percentile)
CISA SSVC
CVSS Vector
With no fixed release available, immediate mitigation focuses on limiting where the Controller API Server can connect and who can reach it. Enforce egress controls (network policy or host firewall) so the controller can open outbound connections only to its known worker hosts and ports; an SSRF is only as dangerous as the destinations the server can reach, so cloud metadata endpoints, internal admin interfaces and other services on the same network are the targets to cut off. Put the controller behind a reverse proxy or WAF and restrict the /worker_generate_stream endpoint to authenticated, trusted callers rather than exposing it to the internet. Run the controller with the minimum credentials and permissions it needs, since anything it holds is usable through the forged requests. Monitor for outbound connections from the controller to destinations other than its registered workers.
No release containing a fix was available at the time of writing. Watch the haotian-liu/llava releases and changelog and update as soon as a version later than v1.2.0 addresses the SSRF. Until then, restrict access to the /worker_generate_stream API to trusted sources only.
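The egress restriction above can also be enforced in the application itself. The following is an added example written for this advisory, not code from the haotian-liu/llava project: an allowlist guard that a request-forwarding service would call before building an outbound request from any address it did not hard-code, such as a controller forwarding /worker_generate_stream calls to a worker. The function names, the allowlist, the worker port and the sample URLs are constructed assumptions; a resolver is injected so the checks, including the resolved-address check that catches an allowlisted name pointing elsewhere, run offline.

```python
"""Outbound-URL allowlist guard for a forwarding service.

Added example for this advisory; it is NOT code from the haotian-liu/llava
project. It shows the check a practitioner would place in front of any code
path that builds an outbound HTTP request from an address it did not
hard-code. Function names, the allowlist and the sample URLs are constructed
for illustration.
"""
import ipaddress
import socket
from typing import Callable, Iterable, List, Tuple
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def default_resolver(host: str) -> List[str]:
    """Resolve a hostname to all of its addresses (used when no resolver is injected)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def check_worker_url(
    url: str,
    allowed_hosts: Iterable[str],
    allowed_ports: Iterable[int],
    allowed_networks: Iterable[str],
    resolver: Callable[[str], List[str]] = default_resolver,
) -> Tuple[bool, str]:
    """Return (ok, reason). A URL passes only if every check holds.

    Checks, in order: scheme, no embedded credentials, exact hostname match
    against the allowlist, port allowlist, and finally that every address the
    host resolves to lies inside the permitted networks. The last step is what
    catches an allowlisted name that later resolves somewhere unexpected.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    # "http://trusted@evil.example/" parses with hostname evil.example.
    if parts.username is not None or parts.password is not None:
        return False, "credentials embedded in URL"
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return False, "missing host"
    if host not in {h.lower() for h in allowed_hosts}:
        return False, f"host {host!r} not in allowlist"
    try:
        port = parts.port
    except ValueError:
        return False, "invalid port"
    if port is None:
        port = 443 if scheme == "https" else 80
    if port not in set(allowed_ports):
        return False, f"port {port} not allowed"
    networks = [ipaddress.ip_network(n) for n in allowed_networks]
    try:
        addresses = [host] if _is_ip_literal(host) else resolver(host)
    except OSError as exc:
        return False, f"resolution failed: {exc}"
    if not addresses:
        return False, "host resolved to no addresses"
    for addr in addresses:
        try:
            ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop IPv6 scope id
        except ValueError:
            return False, f"unparseable address {addr!r}"
        if not any(ip in net for net in networks):
            return False, f"address {addr} outside allowed networks"
    return True, "ok"


if __name__ == "__main__":
    # Constructed policy and resolver; no network access is needed.
    policy = dict(
        allowed_hosts={"worker-1.internal"},
        allowed_ports={21002},
        allowed_networks={"10.0.0.0/8"},
        resolver=lambda host: ["10.0.0.5"],
    )
    for candidate in (
        "http://worker-1.internal:21002/worker_generate_stream",
        "http://169.254.169.254/latest/meta-data/",
        "http://worker-1.internal@evil.example:21002/",
        "file:///etc/passwd",
    ):
        print(candidate, "->", check_worker_url(candidate, **policy))
```

The guard is deliberately an allowlist rather than a denylist of private ranges: a controller legitimately talks to internal workers, so blocking RFC 1918 space would break it while still leaving every other internal host reachable. Exact hostname matching stops look-alike names such as worker-1.internal.evil.example, and the resolved-address check is the part that should never be skipped, since a name the operator trusts today can be repointed tomorrow.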
CVE-2024-9309 is a critical SSRF vulnerability in the haotian-liu/llava Controller API Server, allowing attackers to exploit server credentials for unauthorized web actions.
If you are running LLaVA versions up to and including v1.2.0 (LLaVA-1.6) and have not implemented mitigating controls, you are potentially affected.
A patched version is pending. Until then, implement network segmentation, WAF rules, and restrict server credentials to mitigate the risk.
While no active exploitation has been publicly confirmed, the high severity score suggests a potential for exploitation if left unaddressed.
Refer to the haotian-liu/llava project's official repository and communication channels for updates and advisories regarding CVE-2024-9309.