lm-sys FastChat Server-Side Request Forgery Vulnerability

Vulnerability

A Server-Side Request Forgery (SSRF) vulnerability exists in the lm-sys/fastchat web server, specifically in git version 2c68a13. It lets attackers reach internal server resources and data that are normally restricted, such as AWS metadata credentials.

Impact

Exploitation of this vulnerability allows for unauthorized access to internal server resources and sensitive data, including AWS metadata credentials.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.8
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.