Lucene search
+L

34 matches found

OSV
OSV
added 2025/03/20 10:15 a.m.3 views

CVE-2024-10908

An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft...

6.1CVSS5.9AI score0.0077EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:15 a.m.3 views

CVE-2024-10912

A Denial of Service DoS vulnerability exists in the file upload feature of lm-sys/fastchat version 0.2.36. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large...

7.5CVSS5.8AI score0.00588EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.11 views

CVE-2024-10908

An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft...

6.1CVSS0.0077EPSS
Exploits1References1
OSV
OSV
added 2025/03/20 10:15 a.m.6 views

CVE-2024-10907

In lm-sys/fastchat Release v0.2.36, the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary. Each extra character is processed in an infinit...

7.5CVSS5.8AI score0.00642EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.14 views

CVE-2024-10912 Denial of Service in lm-sys/fastchat

A Denial of Service DoS vulnerability exists in the file upload feature of lm-sys/fastchat version 0.2.36. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large...

7.5CVSS0.00588EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.14 views

CVE-2024-12376 Server Side Request Forgery in lm-sys/fastchat

A Server-Side Request Forgery SSRF vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials...

7.5CVSS0.00703EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.3 views

CVE-2024-12376 Server Side Request Forgery in lm-sys/fastchat

A Server-Side Request Forgery SSRF vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials...

7.5CVSS7.5AI score0.00703EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:10 a.m.65 views

CVE-2024-12376

The CVE-2024-12376 entry describes a Server-Side Request Forgery (SSRF) in the lm-sys/fastchat web server, specifically affecting the git 2c68a13 revision. The vulnerability allows an attacker to access internal server resources and data not normally reachable, including AWS metadata credentials....

7.5CVSS7.5AI score0.00703EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.11 views

CVE-2024-10907 Denial of Service (DoS) via Multipart Boundary in lm-sys/fastchat

In lm-sys/fastchat Release v0.2.36, the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary. Each extra character is processed in an infinit...

7.5CVSS0.00642EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.15 views

CVE-2024-11603 Server-Side Request Forgery in lm-sys/fastchat

A Server-Side Request Forgery SSRF vulnerability exists in lm-sys/fastchat version 0.2.36. The vulnerability is present in the /queue/join? endpoint, where insufficient validation of the path parameter allows an attacker to send crafted requests. This can lead to unauthorized access to internal...

7.5CVSS0.00646EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.5 views

CVE-2024-11603 Server-Side Request Forgery in lm-sys/fastchat

A Server-Side Request Forgery SSRF vulnerability exists in lm-sys/fastchat version 0.2.36. The vulnerability is present in the /queue/join? endpoint, where insufficient validation of the path parameter allows an attacker to send crafted requests. This can lead to unauthorized access to internal...

7.5CVSS7.5AI score0.00646EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.12 views

CVE-2024-10908 Open Redirect in lm-sys/fastchat

An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft...

6.1CVSS0.0077EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/12/30 11:47 a.m.29 views

CVE-2024-10044 SSRF in POST /worker_generate_stream API endpoint in lm-sys/fastchat

A Server-Side Request Forgery SSRF vulnerability exists in the POST /workergeneratestream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to exploit the victim controller API server's...

9.3CVSS0.00511EPSS
Exploits1References1
CVE
CVE
added 2024/12/30 11:47 a.m.93 views

CVE-2024-10044

CVE-2024-10044 describes a Server-Side Request Forgery (SSRF) in the lm-sys/fastchat Controller API Server, affecting the POST /worker_generate_stream endpoint. The vulnerability allows an attacker to misuse the controller API server’s credentials to perform unauthorized web actions or access res...

9.3CVSS9.2AI score0.00511EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder