CVE-2024-10908
published 2025-03-20CVE-2024-10908: An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a…
PriorityP339medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
0.76%
50.8th percentile
An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lm-sys | fastchat | — | — |
| lm-sys | lm-sys_fastchat | unspecified – latest | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
FastChat open redirect vulnerability
osv·2025-03-20
CVE-2024-10908 [MEDIUM] FastChat open redirect vulnerability
FastChat open redirect vulnerability
An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft.
GHSA
FastChat open redirect vulnerability
ghsa·2025-03-20
CVE-2024-10908 [MEDIUM] CWE-601 FastChat open redirect vulnerability
FastChat open redirect vulnerability
An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft.
No detection rules found.
Nuclei
FastChat - Open Redirect
nuclei·CVSS 6.1
CVE-2024-10908 [MEDIUM] FastChat - Open Redirect
FastChat - Open Redirect
Detects an open redirect vulnerability in lm-sys/fastchat version 0.2.36, which allows attackers to redirect users to malicious URLs.
Template:
id: CVE-2024-10908
info:
name: FastChat - Open Redirect
author: DhiyaneshDK
severity: medium
description: |
Detects an open redirect vulnerability in lm-sys/fastchat version 0.2.36, which allows attackers to redirect users to malicious URLs.
impact: |
Unauthenticated attackers can redirect users to malicious URLs, potentially facilitating phishing attacks or credential harvesting.
remediation: |
Update FastChat to a version newer than 0.2.36.
reference:
- https://huntr.com/bounties/61f5e725-5579-4d08-8a88-e4ba04e6d1f2
classification:
epss-score: 0.0111
epss-percentile: 0.78166
metadata:
shodan-query: html:"Chatbot Arena
2025-03-20
Published