Login Sign Up

CVE-2024-9309

9.3 CRITICAL
SSRF

📋 TL;DR

This SSRF vulnerability in LLaVA's Controller API Server allows attackers to make the server send unauthorized requests to internal or external systems using its credentials. It affects anyone running haotian-liu/llava v1.2.0 with the Controller API Server exposed. Attackers could access sensitive internal resources or perform actions as the server.

💻 Affected Systems

Products:
  • haotian-liu/llava
Versions: v1.2.0 (LLaVA-1.6)
Operating Systems: all
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with the Controller API Server running and the POST /worker_generate_stream endpoint accessible.

📦 What is this software?

Llava by Hliu

View all CVEs affecting Llava →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of internal infrastructure via credential theft, data exfiltration, or lateral movement to cloud metadata services and internal APIs.

🟠

Likely Case

Unauthorized access to internal web services, cloud metadata endpoints, or sensitive APIs accessible from the server's network position.

🟢

If Mitigated

Limited to accessing only external resources if proper network segmentation and egress filtering are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires network access to the vulnerable endpoint but no authentication. SSRF attacks are well-understood with many existing tools.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.2.1 or later

Vendor Advisory: https://huntr.com/bounties/2ba6be79-5c90-48fa-99cb-82503ea49a12

Restart Required: Yes

Instructions:

1. Update to haotian-liu/llava v1.2.1 or later. 2. Restart the Controller API Server. 3. Verify the fix by testing the endpoint.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict outbound network access from the Controller API Server to only required destinations.

Input Validation

all

Implement strict URL validation and whitelist allowed domains in the POST /worker_generate_stream endpoint.

🧯 If You Can't Patch

  • Implement strict network egress filtering to block all outbound traffic except to explicitly allowed destinations.
  • Deploy a web application firewall (WAF) with SSRF protection rules in front of the Controller API Server.

🔍 How to Verify

Check if Vulnerable:

Check if running haotian-liu/llava v1.2.0 and test the POST /worker_generate_stream endpoint with SSRF payloads targeting internal services.

Check Version:

Check the repository version or package manifest for 'v1.2.0'

Verify Fix Applied:

After updating to v1.2.1+, test the same SSRF payloads should fail or be blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from the Controller API Server to internal IPs or cloud metadata endpoints
  • Multiple failed SSRF attempts in API logs

Network Indicators:

  • Unexpected HTTP traffic from the Controller API Server to internal network segments
  • Requests to cloud metadata services (169.254.169.254, etc.)

SIEM Query:

source="controller_api" AND (dest_ip=~"10.*|172.16.*|192.168.*|169.254.169.254")

📊 Metadata

CVE ID: CVE-2024-9309
CVSS v3 Score: 9.3 (CRITICAL)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
CWE: CWE-918
EPSS Score: 0.12% exploit probability (30.5th percentile)
Published: March 20, 2025
Last Updated: July 15, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-9309, you might also want to check these:

CVE-2023-3432 10.0

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in PlantUML versions prior to ...

Same vulnerability type (CWE-918)
CVE-2025-2828 10.0

This Server-Side Request Forgery (SSRF) vulnerability in langchain-community's RequestsToolkit allow...

Same vulnerability type (CWE-918)
CVE-2023-43654 10.0

TorchServe versions 0.1.0 to 0.8.1 have a critical vulnerability where the default configuration lac...

Same vulnerability type (CWE-918)