0.2.37
A Server-Side Request Forgery (SSRF) vulnerability has been identified in lm-sys/fastchat versions up to and including 0.2.36. It resides in the /queue/join? endpoint, where a client-controlled value is used to build a request on the server side, allowing an attacker to reach resources that are not meant to be exposed. The impact ranges from disclosure of internal data to compromise of internal servers, so remediation should be treated as a priority.
The SSRF in fastchat allows an attacker to craft malicious requests through the /queue/join? endpoint. By manipulating the path parameter, an attacker can cause the server to issue requests to destinations of the attacker's choosing rather than the intended ones. This includes internal network services that are not directly exposed to the internet, and the cloud instance metadata service (for example 169.254.169.254 when the application runs on AWS), which can hand out temporary credentials. Successful exploitation could expose sensitive configuration data, API keys, or other credentials reachable from the internal network. The blast radius extends to every internal system the vulnerable fastchat instance can reach, which can enable lateral movement and further compromise.
CVE-2024-11603 was publicly disclosed on 2025-03-20. The simplicity of the flaw and its potential impact suggest a medium probability of exploitation. No public proof-of-concept (PoC) code has been released as of this writing, but SSRF issues of this kind are typically straightforward to exploit once the parameter is known. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS
0.15% (35th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2024-11603 is to upgrade to a patched version of fastchat. A specific fixed version is not provided in the CVE details. Until you can upgrade, apply temporary workarounds: restrict outbound network access from the fastchat server with a host firewall or network segmentation, and in particular block the fastchat host from reaching the cloud metadata service and internal management interfaces it has no business contacting. Strict input validation on the /queue/join? endpoint is also essential: treat the path parameter as untrusted, confine it to what the application actually needs (a file under a fixed directory, or an allowlisted host), and reject anything URL-shaped, IP literals, and targets that resolve to loopback or link-local addresses. A Web Application Firewall (WAF) configured to block SSRF patterns adds a layer of defense, but it is a stopgap that determined attackers routinely bypass, not a substitute for the code-level fix. Monitor logs for unexpected outbound requests originating from the fastchat server, especially to 169.254.169.254 and to internal address ranges.
Update the fastchat library to a version later than 0.2.36 that fixes the SSRF vulnerability, and check the release notes or changelog to confirm the fix is included. If no patched version is available for your deployment, validate and sanitize the path parameter on the `/queue/join?` endpoint as described above and restrict the server's outbound network access.
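The following is an added example written for this advisory; it is not lm-sys/fastchat code and does not reproduce the project's handler. It assumes the vulnerable pattern described above, a server that fetches whatever the client's path value names, and shows the two checks a hardened handler needs: confining a local-file reference to a base directory while refusing URL-shaped input, and, where a URL is legitimately accepted, pinning it to an allowlisted host and rejecting resolved addresses in loopback or link-local ranges (the metadata service lives at 169.254.169.254). The hostnames, addresses, base directory and the DNS table are constructed so the example runs offline.

```python
"""Hardening a client-controlled 'path' parameter against SSRF.

Added example, not lm-sys/fastchat code. All hostnames, addresses, the base
directory and the FAKE_DNS table below are constructed for the demo.
"""
import ipaddress
import os
from urllib.parse import urlsplit


class SSRFBlocked(ValueError):
    """Raised when a client-supplied target fails validation."""


def validate_local_path(value: str, base_dir: str) -> str:
    """Return an absolute path inside base_dir, or raise SSRFBlocked.

    Refuses URL-shaped values (a scheme, or protocol-relative '//'),
    absolute paths, and traversal that escapes base_dir.
    """
    if not value or "\x00" in value:
        raise SSRFBlocked("empty or NUL-containing path")
    if urlsplit(value).scheme or value.startswith(("//", "\\\\")):
        raise SSRFBlocked("URL-shaped value where a local path was expected")
    if os.path.isabs(value):
        raise SSRFBlocked("absolute path not allowed")
    base = os.path.realpath(base_dir)
    # realpath normalises '..' and follows symlinks, so the containment
    # check sees the real destination rather than the literal string.
    full = os.path.realpath(os.path.join(base, value))
    if os.path.commonpath([base, full]) != base:
        raise SSRFBlocked("path escapes base directory")
    return full


ALLOWED_SCHEMES = {"http", "https"}
# Constructed allowlist: the only hosts this service may contact.
ALLOWED_HOSTS = {"model-worker.internal.example", "telemetry.internal.example"}

# Constructed DNS answers so the example runs offline. A real deployment
# would call socket.getaddrinfo, check EVERY returned address, and connect
# to the checked address rather than resolving a second time (rebinding).
FAKE_DNS = {
    "model-worker.internal.example": ["10.0.5.20"],
    # Simulates DNS pointing an allowlisted name at the metadata service,
    # wrapped as an IPv4-mapped IPv6 address to show the unwrap below.
    "telemetry.internal.example": ["::ffff:169.254.169.254"],
}


def _resolve(host):
    return FAKE_DNS.get(host, [])


def _is_internal(ip):
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:169.254.169.254 is still the metadata IP
    return ip.is_loopback or ip.is_link_local or ip.is_unspecified or ip.is_multicast


def validate_outbound_url(url: str, resolve=_resolve):
    """Return (host, [addresses]) for an allowed target, or raise SSRFBlocked."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise SSRFBlocked(f"scheme {parts.scheme!r} not allowed")
    if parts.username is not None or parts.password is not None:
        raise SSRFBlocked("credentials in URL")
    host = parts.hostname
    if not host:
        raise SSRFBlocked("missing host")
    host = host.lower().rstrip(".")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # a hostname, as expected
    else:
        raise SSRFBlocked("IP literals not allowed; use an allowlisted hostname")
    if host not in ALLOWED_HOSTS:
        raise SSRFBlocked(f"host {host!r} not on allowlist")
    addrs = [ipaddress.ip_address(a) for a in resolve(host)]
    if not addrs:
        raise SSRFBlocked("host did not resolve")
    for ip in addrs:
        if _is_internal(ip):
            raise SSRFBlocked(f"{host} resolves to {ip}, which is off limits")
    return host, [str(a) for a in addrs]


def demo():
    """Run constructed benign and attacker inputs through both validators.

    Returns {input: True if allowed, False if blocked}.
    """
    base = "/srv/fastchat/uploads"  # constructed base directory
    results = {}
    for value in ["logs/2024-03.txt", "../../etc/passwd",
                  "http://169.254.169.254/latest/meta-data/", "//169.254.169.254/"]:
        try:
            validate_local_path(value, base)
            results[value] = True
        except SSRFBlocked:
            results[value] = False
    for url in ["https://model-worker.internal.example/worker_get_status",
                "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
                "https://telemetry.internal.example/ping",
                "http://admin:pw@model-worker.internal.example/",
                "file:///etc/passwd"]:
        try:
            validate_outbound_url(url)
            results[url] = True
        except SSRFBlocked:
            results[url] = False
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print("allowed" if v else "blocked", k)
```

The order of checks matters: the scheme and credential tests run before any name resolution so that `file:`, `gopher:` and `user:pass@` tricks never reach the network layer, and the IPv4-mapped unwrap is what catches `::ffff:169.254.169.254`, which the plain IPv6 `is_link_local` test would otherwise let through.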
CVE-2024-11603 is a Server-Side Request Forgery (SSRF) vulnerability in lm-sys/fastchat versions up to and including 0.2.36 that lets an attacker make the server issue requests to destinations the attacker chooses.
You are affected if you run fastchat version 0.2.36 or earlier and expose the /queue/join? endpoint. Assess your deployments immediately.
Upgrade to a patched version of fastchat. Until a patch is available, restrict outbound network access from the fastchat host and validate the path parameter on the /queue/join? endpoint.
No active exploitation has been confirmed, but the nature of the vulnerability suggests a medium probability of exploitation.
Refer to the lm-sys/fastchat repository and relevant security mailing lists for updates and advisories related to CVE-2024-11603.