GHSA-g44m-hpf4-vmrp
Suggest an improvement- Source
- https://github.com/advisories/GHSA-g44m-hpf4-vmrp
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-g44m-hpf4-vmrp/GHSA-g44m-hpf4-vmrp.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-g44m-hpf4-vmrp
- Aliases
-
- CVE-2024-12376
- Published
- 2025-03-20T12:32:43Z
- Modified
- 2025-03-21T17:14:49.713215Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- FastChat Server-Side Request Forgery vulnerability
- Details
-
A Server-Side Request Forgery (SSRF) vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials.
- Database specific
{ "nvd_published_at": "2025-03-20T10:15:27Z", "cwe_ids": [ "CWE-918" ], "github_reviewed": true, "severity": "HIGH", "github_reviewed_at": "2025-03-21T16:41:12Z" }- References
Affected packages
PyPI / fschat
Package
- Name
- fschat
- View open source insights on deps.dev
- Purl
- pkg:pypi/fschat
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected0.2.36
Affected versions
0.*
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.1.7
0.1.8
0.1.9
0.1.10
0.2.0
0.2.1
0.2.2
0.2.3
0.2.4
0.2.5
0.2.6
0.2.7
0.2.8
0.2.9
0.2.10
0.2.11
0.2.12
0.2.13
0.2.14
0.2.15
0.2.16
0.2.17
0.2.18
0.2.20
0.2.21
0.2.23
0.2.24
0.2.26
0.2.27
0.2.28
0.2.29
0.2.30
0.2.31
0.2.32
0.2.33
0.2.34
0.2.35
0.2.36