Description
A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in haotian-liu/llava version v1.2.0 (LLaVA-1.6). This vulnerability allows attackers to exploit the victim Controller API Server's credentials to perform unauthorized web actions or access unauthorized web resources.
References
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:hliu:llava:1.2.0:*:*:*:*:*:*:*
EPSS
Percentile: 31%
0.00116
Low
CVSS3: 9.3 Critical
Weaknesses
CWE-918
Related vulnerabilities
CVSS3: 9.3
github
11 months ago
A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in haotian-liu/llava version v1.2.0 (LLaVA-1.6). This vulnerability allows attackers to exploit the victim Controller API Server's credentials to perform unauthorized web actions or access unauthorized web resources.