Home > Vulnerability Database > CVE-2024-12376

Mend.io Vulnerability Database

CVE-2024-12376

Date: March 20, 2025

A Server-Side Request Forgery (SSRF) vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials.

Severity Score

7.5

Related Resources (4)

Url: https://huntr.com/bounties/c9cc3f28-ee9f-4d2d-9ee5-8c6455a11892

Url: https://github.com/lm-sys/FastChat

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-12376

Url: https://www.mend.io/vulnerability-database/CVE-2024-12376

Severity Score

7.5

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-12376

Date: March 20, 2025

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?