CVE-2024-10044

NONE EPSS 39.2%
Published Dec 30, 20241y ago · Modified Jun 17, 20261w ago
Find Similar
Published Dec 30, 2024 1y ago
Last Modified Jun 17, 2026 1w ago

Description

A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to exploit the victim controller API server's credentials to perform unauthorized web actions or access unauthorized web resources by combining it with the POST /register_worker endpoint.

Threat Intelligence

EPSS Exploit Probability
39.2% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-918 Server-Side Request Forgery (SSRF) Validation

Affected Products 1

VendorProductVersionRange
lm-sysfastchat2024-09-23any

References 1

  • huntr.com https://huntr.com/bounties/44633540-377d-4ac4-b3a3-c2d0fa19d0e6
    ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.