CVE-2024-12376: FastChat Server-Side Request Forgery vulnerability

March 20, 2025 (updated March 21, 2025)

A Server-Side Request Forgery (SSRF) vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials.

References

github.com/advisories/GHSA-g44m-hpf4-vmrp
github.com/lm-sys/FastChat
huntr.com/bounties/c9cc3f28-ee9f-4d2d-9ee5-8c6455a11892
nvd.nist.gov/vuln/detail/CVE-2024-12376

Code Behaviors & Features

Detect and mitigate CVE-2024-12376 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →