Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2024-11603

๐Ÿ—“๏ธย 20 Mar 2025ย 10:10:02Reported byย @huntr_aiTypeย 
cve
ย cve๐Ÿ”—ย web.nvd.nist.gov๐Ÿ‘ย 43ย Views๐ŸŒ WEB

Server-Side Request Forgery vulnerability in fastchat version 0.2.36 exposes sensitive data risks.

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
Circl		CVE-2024-11603
20 Mar 202515:18
โ€“circl
CNNVD		FastChat ไปฃ็ ้—ฎ้ข˜ๆผๆดž
20 Mar 202500:00
โ€“cnnvd
Cvelist		CVE-2024-11603 Server-Side Request Forgery in lm-sys/fastchat
20 Mar 202510:10
โ€“cvelist
EUVD		EUVD-2025-7033
3 Oct 202520:07
โ€“euvd
Github Security Blog		FastChat Server-Side Request Forgery vulnerability
20 Mar 202512:32
โ€“github
NVD		CVE-2024-11603
20 Mar 202510:15
โ€“nvd
OSV		GHSA-H254-G997-685C FastChat Server-Side Request Forgery vulnerability
20 Mar 202512:32
โ€“osv
RedhatCVE		CVE-2024-11603
22 Mar 202511:39
โ€“redhatcve
Snyk		Server-side Request Forgery (SSRF)
20 Mar 202512:32
โ€“snyk
vulnersOsv		agentverse (=0.1.8.1), airoboros (=2.1.1) +35 more potentially affected by CVE-2024-11603 via fschat (>=0.2.2 <=0.2.36)
20 Mar 202512:32
โ€“vulnersosv
Rows per page
NVD
Node
lm-sysfastchatMatch0.2.36
[
  {
    "vendor": "lm-sys",
    "product": "lm-sys/fastchat",
    "versions": [
      {
        "version": "unspecified",
        "status": "affected",
        "versionType": "custom",
        "lessThanOrEqual": "latest"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
pathquery param/queue/join?Server-Side Request Forgery via insufficient validation of the path parameter on the /queue/join endpointCWE-918

Data

Build on a solid foundation withย Vulners data

Weย provide theย essential building blocks forย cybersecurity solutions withย comprehensive, structured, andย constantly updated vulnerability andย exploits data

Api

Power your application withย Vulners API

The Vulners REST API offers reliable, high-performance access toย vulnerabilityย intelligence, withย 99.9%ย SLAย uptime andย CDN-backed data delivery forย seamlessย global access

App

Assess and manage vulnerabilities withย Vulnersย tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
29 Jul 2025 19:36Current
7.5High risk
Vulners AI Score7.5
CVSS 37.5
EPSS0.00253
SSVC
CWE-918
server-side request forgeryfastchat versionunauthorized accesssensitive data exposureinternal networks
43