cbcvebase.
CVE-2024-12376
published 2025-03-20

CVE-2024-12376: A Server-Side Request Forgery (SSRF) vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This…

PriorityP347high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EPSS
0.70%
48.6th percentile
A Server-Side Request Forgery (SSRF) vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials.

Affected

2 ranges
VendorProductVersion rangeFixed in
lm-sysfastchat
lm-syslm-sys_fastchatunspecified – latest
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.