Every CVE whose affected-product data names Lm-sys Fastchat, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2024-10044 — CVSS 9.3 (critical): A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in…
CVE-2024-10907 — CVSS 7.5 (high): In lm-sys/fastchat Release v0.2.36, the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw…
CVE-2024-10912 — CVSS 7.5 (high): A Denial of Service (DoS) vulnerability exists in the file upload feature of lm-sys/fastchat version 0.2.36. The vulnerability is due to…
CVE-2024-11603 — CVSS 7.5 (high): A Server-Side Request Forgery (SSRF) vulnerability exists in lm-sys/fastchat version 0.2.36. The vulnerability is present in the…
CVE-2024-12376 — CVSS 7.5 (high): A Server-Side Request Forgery (SSRF) vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version…
CVE-2024-10908 — CVSS 6.1 (medium): An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary…