==========================
== Gharib Personal Blog ==
==========================
A Techi Personal Blog

CVE-2024-9309 - LLaVA Controller API Server SSRF

CVE-2024-9309 - LLaVA Controller API Server SSRF

CVE ID : CVE-2024-9309 Published : March 20, 2025, 10:15 a.m. | 1 day, 18 hours ago Description : A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in haotian-liu/llava version v1.2.0 (LLaVA-1.6). This vulnerability allows attackers to exploit the victim Controller API Server’s

CVE ID : CVE-2024-9309
Published : March 20, 2025, 10:15 a.m. | 1 day, 18 hours ago
Description : A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in haotian-liu/llava version v1.2.0 (LLaVA-1.6). This vulnerability allows attackers to exploit the victim Controller API Server’s credentials to perform unauthorized web actions or access unauthorized web resources.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source