CVE-2024-10908
MEDIUM6.1EPSS 0.90%FastChat open redirect vulnerability
發布日:2025/3/20修改日:2025/3/21
描述
An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft.
受影響套件(1)
- PyPI/fschatfrom 0, <= 0.2.36
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.1 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |