CVE-2024-12068

7.5 HIGH

📋 TL;DR

This Server-Side Request Forgery (SSRF) vulnerability in haotian-liu/llava allows attackers to make the server send HTTP requests to arbitrary internal URLs. This could expose sensitive server-side resources like AWS metadata credentials or internal APIs. Anyone using the affected version of this software is vulnerable.

💻 Affected Systems

Products:
  • haotian-liu/llava
Versions: git commit c121f04
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the specific git commit version; other versions may also be vulnerable if similar code patterns exist.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker gains access to cloud metadata credentials, leading to full cloud environment compromise, data exfiltration, or lateral movement to other internal systems.

🟠

Likely Case

Attacker accesses internal APIs or services, potentially stealing sensitive data or using the server as a proxy for further attacks.

🟢

If Mitigated

Limited impact due to network segmentation, proper input validation, or outbound firewall rules blocking sensitive endpoints.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires understanding of the application's input handling and network access to trigger SSRF.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Later git commits after c121f04

Vendor Advisory: https://huntr.com/bounties/9d0b908d-63cd-4d62-91ff-6ceef3183752

Restart Required: No

Instructions:

1. Update to a newer git commit of haotian-liu/llava.
2. Verify the fix by checking the commit hash is after c121f04.
3. Test the application to ensure SSRF vectors are blocked.

🔧 Temporary Workarounds

Input Validation and URL Whitelisting

Applies to: all

Implement strict validation of user-supplied URLs, allowing only trusted domains or blocking internal IP ranges.
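The following is an added example of the validation this workaround describes, written in Python because that is the language of the project; it is not code from haotian-liu/llava or from the vendor advisory. The function names is_safe_url and default_resolver, the injectable resolver hook, and the sample hostnames are assumptions of this example. It rejects non-HTTP schemes, URLs carrying credentials, hosts outside an optional allowlist, and any host whose literal or resolved address falls in loopback, link-local (which covers the 169.254.169.254 metadata address), private, or otherwise non-public ranges, including IPv4 addresses tunnelled inside IPv6-mapped form.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Added example, not llava project code. Names below are hypothetical.
ALLOWED_SCHEMES = {"http", "https"}


def default_resolver(host):
    """Resolve a hostname to every address it maps to (IPv4 and IPv6)."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def _is_internal(ip_text):
    """True when an address points at the server itself or its private network."""
    addr = ipaddress.ip_address(ip_text)
    # ::ffff:169.254.169.254 is still the metadata service; unwrap it first.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_reserved or addr.is_multicast or addr.is_unspecified)


def is_safe_url(url, allowed_hosts=None, resolver=default_resolver):
    """Return (ok, reason); ok is True only if every check passes.

    allowed_hosts: optional set of lower-case hostnames to allow exclusively.
    resolver: hostname -> list of IP strings (injectable so tests run offline).
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if parts.username or parts.password:
        return False, "credentials in URL"
    host = parts.hostname
    if not host:
        return False, "no host"
    host = host.lower().rstrip(".")
    if allowed_hosts is not None and host not in allowed_hosts:
        return False, "host not in allowlist"
    # A literal IP is checked directly; anything else goes through the resolver,
    # so shorthand forms such as "127.1" are caught after resolution.
    try:
        ips = [str(ipaddress.ip_address(host))]
    except ValueError:
        ips = resolver(host)
    if not ips:
        return False, "host does not resolve"
    for ip in ips:
        if _is_internal(ip):
            return False, f"resolves to internal address {ip}"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("http://169.254.169.254/latest/meta-data/",
                      "http://[::ffff:169.254.169.254]/",
                      "file:///etc/passwd",
                      "https://example.com/image.png"):
        print(candidate, "->", is_safe_url(candidate))
```

Validating the URL once before fetching still leaves a gap: the name can resolve to a different address by the time the HTTP client connects, and a redirect from a public host can point back inside. Connect to the address that passed the check rather than re-resolving, and disable automatic redirects or run each hop's URL through the same function.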

Network Segmentation

Applies to: all

Use firewall rules to block outbound requests from the server to sensitive internal endpoints like metadata services.

🧯 If You Can't Patch

  • Implement strict outbound firewall rules to block access to internal IP ranges and metadata endpoints.
  • Deploy a web application firewall (WAF) with SSRF protection rules to filter malicious requests.

🔍 How to Verify

Check if Vulnerable:

Check the git commit hash of your llava installation; if it is c121f04 or earlier, you are vulnerable.

Check Version:

git log --oneline -1

Verify Fix Applied:

Update to a newer commit and test by attempting to trigger SSRF with controlled payloads; requests to internal URLs should be blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from the server to internal IPs or metadata endpoints
  • Failed attempts to access restricted URLs

Network Indicators:

  • Outbound connections from the server to unexpected internal services
  • Traffic to cloud metadata endpoints (e.g., 169.254.169.254 for AWS)

SIEM Query:

source="llava_logs" AND (url CONTAINS "169.254.169.254" OR url CONTAINS "metadata")
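The SIEM query above matches on substrings only. As an added example that is not part of this advisory or of the llava project, the Python below applies the same log and network indicators to outbound-request log lines, flagging both known metadata hostnames and any destination that is a private, loopback or link-local address, which a substring match for "169.254.169.254" or "metadata" alone would miss. The log format, the function names and the sample lines are constructed for this example and do not reflect real llava logging.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample log lines (hypothetical format, not real llava output):
# one outbound fetch per line with timestamp, component, URL and status.
SAMPLE_LOGS = """\
2024-11-02T10:15:01Z llava-worker fetch url=https://images.example.com/cat.png status=200
2024-11-02T10:15:07Z llava-worker fetch url=http://169.254.169.254/latest/meta-data/iam/security-credentials/ status=200
2024-11-02T10:15:09Z llava-worker fetch url=http://[fd00::1]:8080/admin status=403
2024-11-02T10:15:12Z llava-worker fetch url=http://metadata.google.internal/computeMetadata/v1/ status=200
2024-11-02T10:15:20Z llava-worker fetch url=https://cdn.example.org/a.jpg status=200
2024-11-02T10:15:33Z llava-worker fetch url=http://10.0.3.7:5000/internal/api status=200
"""

URL_RE = re.compile(r"url=(\S+)")
# Cloud metadata endpoints: the AWS link-local address and GCP's hostname.
METADATA_HOSTS = {"169.254.169.254", "metadata.google.internal"}


def _is_internal_address(host):
    """True when host is a literal IP in loopback, link-local or private space."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return host == "localhost"
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return addr.is_private or addr.is_loopback or addr.is_link_local or addr.is_reserved


def classify_line(line):
    """Return (host, reason) for a suspicious outbound request, else None."""
    match = URL_RE.search(line)
    if not match:
        return None
    host = urlsplit(match.group(1)).hostname
    if not host:
        return None
    host = host.lower()
    if host in METADATA_HOSTS or host.endswith(".internal"):
        return host, "metadata-endpoint"
    if _is_internal_address(host):
        return host, "internal-address"
    return None


def find_ssrf_indicators(log_text):
    """Scan log text; return (line number, host, reason) for each hit."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        result = classify_line(line)
        if result is not None:
            hits.append((lineno, result[0], result[1]))
    return hits


if __name__ == "__main__":
    for hit in find_ssrf_indicators(SAMPLE_LOGS):
        print("line %d: %s (%s)" % hit)
```

Both successful (status 200) and refused (status 403) requests are reported, matching the page's two log indicators; the 403 line is the kind of failed attempt that should still raise an alert because it shows the server was asked to reach an internal service.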
