- Description
- A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to exploit the victim controller API server's credentials to perform unauthorized web actions or access unauthorized web resources by combining it with the POST /register_worker endpoint.
- Source
- security@huntr.dev
- NVD status
- Received
CVSS 3.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- 4.7
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
- Severity
- CRITICAL
- security@huntr.dev
- CWE-918
- Hype score
- Not currently trending
CVE-2024-10044 SSRF Vulnerability in lm-sys/fastchat Exposes Unauthorized Web Access A Server-Side Request Forgery (SSRF) vulnerability is in the POST /worker_generate_stream API endpoint of the Controller API Se... https://t.co/5sAUEJyPsZ
@VulmonFeeds
30 Dec 2024
68 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10044 A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of comm… https://t.co/11Jn37YZhg
@CVEnew
30 Dec 2024
547 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-10044: CRITICAL] A Server-Side Request Forgery (SSRF) vulnerability in lm-sys/fastchat's Controller API Server allows attackers to exploit credentials to access unauthorized web resources.#cybersecurity,#vulnerability https://t.co/WTGONVEyJr https://t.co/G6li8ecntp
@CveFindCom
30 Dec 2024
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes