CVE-2024-10044
published 2024-12-30CVE-2024-10044: A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as…
PriorityP356critical9.3CVSS 3.0
AVNACLPRNUINSCCHILAN
EPSS
0.50%
39.1th percentile
A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to exploit the victim controller API server's credentials to perform unauthorized web actions or access unauthorized web resources by combining it with the POST /register_worker endpoint.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lm-sys | fastchat | — | — |
| lm-sys | lm-sys_fastchat | unspecified – latest | — |
CVSS provenance
nvdv3.09.3CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-h6qm-w442-h848: A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fast
ghsa_unreviewed·2024-12-30
CVE-2024-10044 [CRITICAL] CWE-918 GHSA-h6qm-w442-h848: A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fast
A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to exploit the victim controller API server's credentials to perform unauthorized web actions or access unauthorized web resources by combining it with the POST /register_worker endpoint.
Red Hat
kernel: mm: call the security_mmap_file() LSM hook in remap_file_pages()
vendor_redhat·2024-10-21·CVSS 7.8
CVE-2024-47745 [HIGH] CWE-670 kernel: mm: call the security_mmap_file() LSM hook in remap_file_pages()
kernel: mm: call the security_mmap_file() LSM hook in remap_file_pages()
In the Linux kernel, the following vulnerability has been resolved:
mm: call the security_mmap_file() LSM hook in remap_file_pages()
The remap_file_pages syscall handler calls do_mmap() directly, which
doesn't contain the LSM security check. And if the process has called
personality(READ_IMPLIES_EXEC) before and remap_file_pages() is called for
RW pages, this will actually result in remapping the pages to RWX,
bypassing a W^X policy enforced by SELinux.
So we should check prot by security_mmap_file LSM hook in the
remap_file_pages syscall handler before do_mmap() is called. Otherwise, it
potentially permits an attacker to bypass a W^X policy enforced by
SELinux.
The bypass is similar to CVE-2016-10044, which bypass t
No detection rules found.
No public exploits indexed.
2024-12-30
Published