CVE-2024-10912 Denial of Service in lm-sys/fastchat

A Denial of Service DoS vulnerability exists in the file upload feature of lm-sys/fastchat version 0.2.36. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large...

CVE-2024-10912

CVE-2024-10912 affects lm-sys/fastchat 0.2.36. The DoS arises from improper handling of multipart/form-data with a very large filename in the file upload path, per Red Hat/NVD/CVE records and related advisories. An attacker can exhaust server resources by sending a payload with an oversized filen...

CVE-2024-12376 Server Side Request Forgery in lm-sys/fastchat

A Server-Side Request Forgery SSRF vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials...

CVE-2024-12376

The CVE-2024-12376 entry describes a Server-Side Request Forgery (SSRF) in the lm-sys/fastchat web server, specifically affecting the git 2c68a13 revision. The vulnerability allows an attacker to access internal server resources and data not normally reachable, including AWS metadata credentials....

CVE-2024-12376 Server Side Request Forgery in lm-sys/fastchat

A Server-Side Request Forgery SSRF vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials...

CVE-2024-10907 Denial of Service (DoS) via Multipart Boundary in lm-sys/fastchat

In lm-sys/fastchat Release v0.2.36, the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary. Each extra character is processed in an infinit...

CVE-2024-10907 Denial of Service (DoS) via Multipart Boundary in lm-sys/fastchat

In lm-sys/fastchat Release v0.2.36, the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary. Each extra character is processed in an infinit...

CVE-2024-10907

CVE-2024-10907 affects lm-sys/fastchat Release v0.2.36. The server fails to handle excessive characters appended to the end of multipart boundaries, allowing an unauthenticated attacker to send malformed multipart requests. Each extra boundary character can be processed in an infinite loop, causi...

CVE-2024-11603 Server-Side Request Forgery in lm-sys/fastchat

A Server-Side Request Forgery SSRF vulnerability exists in lm-sys/fastchat version 0.2.36. The vulnerability is present in the /queue/join? endpoint, where insufficient validation of the path parameter allows an attacker to send crafted requests. This can lead to unauthorized access to internal...

CVE-2024-11603 Server-Side Request Forgery in lm-sys/fastchat

A Server-Side Request Forgery SSRF vulnerability exists in lm-sys/fastchat version 0.2.36. The vulnerability is present in the /queue/join? endpoint, where insufficient validation of the path parameter allows an attacker to send crafted requests. This can lead to unauthorized access to internal...

CVE-2024-11603

Summary: CVE-2024-11603 is a Server-Side Request Forgery (SSRF) vulnerability in lm-sys/fastchat 0.2.36. The flaw resides in the /queue/join? endpoint where insufficient validation of the path parameter enables crafted requests that can reach internal networks or the AWS metadata endpoint. Multip...

CVE-2024-10908

The CVE-2024-10908 entry describes an open redirect vulnerability in lm-sys/fastchat release 0.2.36. The issue allows remote, unauthenticated attackers to redirect users to arbitrary URLs, enabling phishing, malware distribution, and credential theft. Affected component: lm-sys/fastchat, version ...

CVE-2024-10908 Open Redirect in lm-sys/fastchat

An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft...

FastChat 输入验证错误漏洞

FastChat is an open platform from LMSYS for training, deploying, and evaluating chatbots based on large language models. An input validation error vulnerability exists in FastChat version v0.2.36, which stems from an open redirection vulnerability that could lead to phishing attacks, malware...

FastChat 代码问题漏洞

FastChat is an open platform from LMSYS for training, deploying and evaluating chatbots based on large-scale language models. A code issue vulnerability exists in FastChat version 0.2.36, which stems from insufficient validation of path parameters and could lead to a server-side request forgery...

FastChat 代码问题漏洞

FastChat is an open platform from LMSYS for training, deploying, and evaluating chatbots based on large language models. FastChat suffers from a code issue vulnerability that stems from server-side request forgery that could lead to internal resource access...

FastChat 资源管理错误漏洞

FastChat is an open platform from LMSYS for training, deploying and evaluating chatbots based on large language models. A resource management error vulnerability exists in FastChat version 0.2.36, which stems from improper handling of large filenames in the file upload feature and could lead to a...

FastChat 资源管理错误漏洞

FastChat is an open platform from LMSYS for training, deploying, and evaluating chatbots based on large language models. A resource management error vulnerability exists in FastChat version v0.2.36, which stems from the server's inability to handle excessive characters at the end of multipart...

data-agora (=0.1.1), dtx (>=0.31.0 <=0.34.0) +10 more potentially affected by CVE-2024-10044 via fastchat (=0.1.0)

fastchat PYPI version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on fastchat and may be impacted: - data-agora =0.1.1 - dtx =0.31.0, =0.2.0, =0.18.3, =0.0.2, =0.4.0, =0.0.1, =0.1.3, =0.1.0, =0.1.0, =0.1.1 Source cves: CVE-2024-10044 Source...

Server-side Request Forgery (SSRF)

Overview fastchat is a fastchat with guidance support Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the workergeneratestream API endpoint. An attacker can exploit the victim controller API server's credentials to perform unauthorized web actions or...