CVE-2024-12068

{"id": "CVE-2024-12068", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-20T10:15:27.000", "references": [{"url": "https://huntr.com/bounties/9d0b908d-63cd-4d62-91ff-6ceef3183752", "tags": ["Exploit", "Third Party Advisory"], "source": "security@huntr.dev"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "A Server-Side Request Forgery (SSRF) vulnerability was discovered in haotian-liu/llava, affecting version git c121f04. This vulnerability allows an attacker to make the server perform HTTP requests to arbitrary URLs, potentially accessing sensitive data that is only accessible from the server, such as AWS metadata credentials."}, {"lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad de Server-Side Request Forgery (SSRF) en haotian-liu/llava, que afecta a la versi\u00f3n git c121f04. Esta vulnerabilidad permite a un atacante obligar al servidor a realizar solicitudes HTTP a URL arbitrarias, lo que podr\u00eda permitir el acceso a datos confidenciales a los que solo se puede acceder desde el servidor, como las credenciales de metadatos de AWS."}], "lastModified": "2025-10-21T14:46:49.460", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hliu:llava:2024-05-11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2745A606-7E36-42B1-B249-25532AF734B8"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}