FastChat - Open Redirect
Detects an open redirect vulnerability in lm-sys/fastchat version 0.2.36, which allows attackers to redirect users to malicious URLs.
id: CVE-2024-10908
info:
  name: FastChat - Open Redirect
  author: DhiyaneshDK
  severity: medium
  description: |
    Detects an open redirect vulnerability in lm-sys/fastch...
CVE-2024-10912
A Denial of Service (DoS) vulnerability exists in the file upload feature of lm-sys/fastchat version 0.2.36. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large...
CVE-2024-10912
CVE-2024-10912 affects lm-sys/fastchat 0.2.36. The DoS arises from improper handling of multipart/form-data with a very large filename in the file upload path, per Red Hat/NVD/CVE records and related advisories. An attacker can exhaust server resources by sending a payload with an oversized filen...
CVE-2024-11603
Summary: CVE-2024-11603 is a Server-Side Request Forgery (SSRF) vulnerability in lm-sys/fastchat 0.2.36. The flaw resides in the /queue/join? endpoint where insufficient validation of the path parameter enables crafted requests that can reach internal networks or the AWS metadata endpoint. Multip...
CVE-2024-10908
The CVE-2024-10908 entry describes an open redirect vulnerability in lm-sys/fastchat release 0.2.36. The issue allows remote, unauthenticated attackers to redirect users to arbitrary URLs, enabling phishing, malware distribution, and credential theft. Affected component: lm-sys/fastchat, version ...