Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-g44m-hpf4-vmrp

Опубликовано: 20 мар. 2025
Источник: github
Github: Прошло ревью
CVSS3: 7.5

Описание

FastChat Server-Side Request Forgery vulnerability

A Server-Side Request Forgery (SSRF) vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials.

Ссылки

Пакеты

Наименование

fschat

pip
Затронутые версииВерсия исправления

<= 0.2.36

Отсутствует

EPSS

Процентиль: 32%
0.00123
Низкий

7.5 High

CVSS3

CVE ID

CVE-2024-12376

Дефекты

CWE-918

Связанные уязвимости

nvd логотип

CVE-2024-12376

CVSS3: 7.5
nvd
11 месяцев назад

A Server-Side Request Forgery (SSRF) vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials.

EPSS

Процентиль: 32%
0.00123
Низкий

7.5 High

CVSS3

CVE ID

CVE-2024-12376

Дефекты

CWE-918