Login Sign Up

CVE-2024-10044

9.3 CRITICAL
SSRF

📋 TL;DR

This SSRF vulnerability in FastChat's Controller API Server allows attackers to make the server send unauthorized requests to internal or external systems using the server's credentials. Attackers can combine two API endpoints to exploit this, potentially accessing sensitive resources. Anyone running FastChat with the vulnerable Controller API Server is affected.

💻 Affected Systems

Products:
  • lm-sys/fastchat
Versions: All versions up to and including commit e208d5677c6837d590b81cb03847c0b9de100765
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects deployments with Controller API Server enabled and accessible.

📦 What is this software?

Fastchat by Lm Sys

View all CVEs affecting Fastchat →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could access internal cloud metadata services, internal APIs, or sensitive internal systems, potentially leading to full cloud account compromise or data exfiltration.

🟠

Likely Case

Attackers scan and access internal web services, potentially stealing credentials or sensitive data from internal applications.

🟢

If Mitigated

Limited to accessing only allowed external resources if proper network segmentation and egress filtering are in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires access to the API endpoints but no authentication to the vulnerable endpoints themselves.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after commit e208d5677c6837d590b81cb03847c0b9de100765

Vendor Advisory: https://huntr.com/bounties/44633540-377d-4ac4-b3a3-c2d0fa19d0e6

Restart Required: Yes

Instructions:

1. Update FastChat to latest version. 2. Restart Controller API Server. 3. Verify the /worker_generate_stream endpoint validates URLs.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict Controller API Server network access to prevent SSRF attacks reaching sensitive systems.

API Endpoint Restriction

all

Disable or restrict access to POST /worker_generate_stream and POST /register_worker endpoints.

🧯 If You Can't Patch

  • Implement strict egress filtering to block Controller API Server from accessing internal networks
  • Deploy WAF rules to detect and block SSRF patterns in API requests

🔍 How to Verify

Check if Vulnerable:

Check if FastChat version includes commit e208d5677c6837d590b81cb03847c0b9de100765 or earlier. Test if POST /worker_generate_stream accepts arbitrary URLs.

Check Version:

git log --oneline -1

Verify Fix Applied:

Verify the endpoint now validates and restricts URL parameters. Test with internal IP addresses to confirm blocking.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound requests from Controller API Server
  • Requests to internal IP ranges or metadata services

Network Indicators:

  • Controller API Server making unexpected external requests
  • Traffic to cloud metadata endpoints

SIEM Query:

source="fastchat-controller" AND (url="169.254.169.254" OR url="metadata.google.internal" OR url~"^http://(10|172|192)")

📊 Metadata

CVE ID: CVE-2024-10044
CVSS v3 Score: 9.3 (CRITICAL)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
CWE: CWE-918
Published: December 30, 2024
Last Updated: July 29, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-10044, you might also want to check these:

CVE-2023-3432 10.0

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in PlantUML versions prior to ...

Same vulnerability type (CWE-918)
CVE-2025-2828 10.0

This Server-Side Request Forgery (SSRF) vulnerability in langchain-community's RequestsToolkit allow...

Same vulnerability type (CWE-918)
CVE-2023-43654 10.0

TorchServe versions 0.1.0 to 0.8.1 have a critical vulnerability where the default configuration lac...

Same vulnerability type (CWE-918)