{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T05:36:14.079","vulnerabilities":[{"cve":{"id":"CVE-2024-11603","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:25.450","lastModified":"2025-07-29T19:36:28.150","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A Server-Side Request Forgery (SSRF) vulnerability exists in lm-sys/fastchat version 0.2.36. The vulnerability is present in the `/queue/join?` endpoint, where insufficient validation of the path parameter allows an attacker to send crafted requests. This can lead to unauthorized access to internal networks or the AWS metadata endpoint, potentially exposing sensitive data and compromising internal servers."},{"lang":"es","value":"Existe una vulnerabilidad de Server-Side Request Forgery (SSRF) en lm-sys/fastchat versión 0.2.36. La vulnerabilidad se presenta en el endpoint `/queue/join?`, donde una validación insuficiente del parámetro path permite a un atacante enviar solicitudes manipuladas. Esto puede provocar acceso no autorizado a las redes internas o al endpoint de metadatos de AWS, lo que podría exponer datos confidenciales y comprometer los servidores internos."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-918"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lm-sys:fastchat:0.2.36:*:*:*:*:*:*:*","matchCriteriaId":"7EF59142-7680-44AA-8669-F1F545DCBEDE"}]}]}],"references":[{"url":"https://huntr.com/bounties/89f1158d-4a75-4000-a1bd-f82dd1a62bff","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]}]}}]}