10 matches found
Incorrect Synchronization
Overview: fschat is an open platform for training, serving, and evaluating large language model based chatbots. Affected versions of this package are vulnerable to Incorrect Synchronization in the form of synchronous invocation of the apigenerate and generategate functions in the Worker API. An...
EUVD-2026-23778
A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function apigenerate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be...
CVE-2026-6607
A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function apigenerate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be...
FastChat Security Vulnerability
FastChat is an open-source platform developed by LMSYS for training, deploying, and evaluating chatbots based on large language models. Versions of FastChat prior to 0.2.36 contain security vulnerabilities, which stem from incorrect operations on the apigenerate function within the Worker API...
GHSA-65P9-J6PG-72HJ billboard.js allows prototype pollution via the function generate
billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties...
billboard.js Security Vulnerability
billboard.js is a reusable JavaScript charting library with a simple interface, based on D3.js and open-sourced by NAVER. A security vulnerability exists in billboard.js versions prior to 3.15.1, which stems from prototype pollution in the generate function and could lead to the execution of arbitrary...
Deserialization of Untrusted Data
Overview: yiisoft/yii2 is a Yii PHP Framework. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the Generate function. Details: Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be...
CVE-2022-48629
In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng - ensure buffer for generate is completely filled. The generate function in struct rngalg expects that the destination buffer is completely filled if the function returns 0. qcomrngread can run into a situation...
CVE-2022-48629
In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng - ensure buffer for generate is completely filled. The generate function in struct rngalg expects that the destination buffer is completely filled if the function returns 0. qcomrngread can run into a situation...
CVE-2023-41330 Unsafe deserialization in knplabs/knp-snappy
knplabs/knp-snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a URL or an HTML page. Issue: On March 17th the vulnerability CVE-2023-28115 was disclosed, allowing an attacker to gain remote code execution through PHAR deserialization. Version 1.4.2 added a check if...