ГлавнаяУязвимости → CVE-2024-11603
7.5высокая

CVE-2024-11603

Описание

A Server-Side Request Forgery (SSRF) vulnerability exists in lm-sys/fastchat version 0.2.36. The vulnerability is present in the `/queue/join?` endpoint, where insufficient validation of the path parameter allows an attacker to send crafted requests. This can lead to unauthorized access to internal networks or the AWS metadata endpoint, potentially exposing sensitive data and compromising internal servers.

Затрагиваемое ПО
Lm-sys Fastchat
CVSS
Балл7.5 — высокая
ВекторCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Источники
https://huntr.com/bounties/89f1158d-4a75-4000-a1bd-f82dd1a62bff