CVE-2024-12068

Name of the Vulnerable Software and Affected Versions haotian-liu/llava version git c121f04

Description A Server-Side Request Forgery (SSRF) issue was discovered, allowing an attacker to make the server perform HTTP requests to arbitrary URLs. This could potentially access sensitive data that is only accessible from the server, such as AWS metadata credentials.

Recommendations For version git c121f04, consider restricting access to sensitive data and URLs that the server can access until a patch is available. As a temporary workaround, restrict the server's ability to make HTTP requests to arbitrary URLs.