CVE-2024-12376
published 2025-03-20CVE-2024-12376: A Server-Side Request Forgery (SSRF) vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This…
PriorityP347high7.5CVSS 3.0
AVNACLPRNUINSUCHINAN
EPSS
0.70%
48.6th percentile
A Server-Side Request Forgery (SSRF) vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lm-sys | fastchat | — | — |
| lm-sys | lm-sys_fastchat | unspecified – latest | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
FastChat Server-Side Request Forgery vulnerability
osv·2025-03-20
CVE-2024-12376 [HIGH] FastChat Server-Side Request Forgery vulnerability
FastChat Server-Side Request Forgery vulnerability
A Server-Side Request Forgery (SSRF) vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials.
GHSA
FastChat Server-Side Request Forgery vulnerability
ghsa·2025-03-20
CVE-2024-12376 [HIGH] CWE-918 FastChat Server-Side Request Forgery vulnerability
FastChat Server-Side Request Forgery vulnerability
A Server-Side Request Forgery (SSRF) vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-03-20
Published