Open Redirect Vulnerability in lm-sys FastChat
CVE-2024-10908
6.1 MEDIUM
Summary
An open redirect vulnerability has been identified in lm-sys FastChat, specifically in Release v0.2.36. It allows remote unauthenticated attackers to craft URLs that redirect end-users to arbitrary external sites. Such exploitation could facilitate various malicious activities, including phishing attacks aimed at stealing credentials and the distribution of malware. Organizations using this version should take immediate action to mitigate the risks associated with these types of attacks. For more detailed information, please refer to the Huntr entry.
Affected Version(s)
lm-sys/fastchat <= unspecified
References
CVSS V3.0
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved