Open Redirect Vulnerability in lm-sys FastChat
CVE-2024-10908

6.1MEDIUM

Key Information:

Vendor: Lm-sys
Status: Lm-sys/fastchat
Vendor: CVE Published:; 20 March 2025

What is CVE-2024-10908?

An open redirect vulnerability has been identified in lm-sys FastChat, specifically in Release v0.2.36. This vulnerability allows remote unauthenticated attackers to manipulate URLs in a way that redirects end-users to arbitrary external sites. Such exploitation could facilitate various malicious activities, including phishing attacks aimed at stealing credentials and distributing malware. Organizations using this version should take immediate action to mitigate potential risks associated with these types of attacks. For more detailed information, please refer to the Huntr entry.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

lm-sys/fastchat <= unspecified

References

https://huntr.com/bounties/61f5e725-5579-4d08-8a88-e4ba04...

CVSS V3.0

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 20, 2025
Vulnerability Reserved
Nov 5, 2024

JSON

Lm-sys