CVE-2024-12376

Name of the Vulnerable Software and Affected Versions lm-sys/fastchat version git 2c68a13

Description A Server-Side Request Forgery (SSRF) issue was identified, allowing an attacker to access internal server resources and data, such as AWS metadata credentials, that are otherwise inaccessible.

Recommendations For version git 2c68a13, consider restricting access to internal server resources to minimize the risk of exploitation. As a temporary workaround, review and limit the use of sensitive data, such as AWS metadata credentials, until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.