86 matches found
FastChat 安全漏洞
FastChat is an open-source platform developed by LMSYS for training, deploying, and evaluating chatbots based on large language models. Versions of FastChat prior to 0.2.36 contain security vulnerabilities. These vulnerabilities stem from incorrect operations on the addtext function in the Arena...
PT-2026-33713
Name of the Vulnerable Software and Affected Versions lm-sys fastchat versions prior to 0.2.37 Description A flaw in the Worker API Endpoint allows remote attackers to cause resource consumption through the manipulation of the api generate function. Recommendations Install the patch provided in...
FastChat 安全漏洞
FastChat is an open-source platform developed by LMSYS for training, deploying, and evaluating chatbots based on large language models. Versions of FastChat prior to 0.2.36 contain security vulnerabilities, which stem from incorrect operations on the apigenerate function within the Worker API...
PT-2026-33714
Name of the Vulnerable Software and Affected Versions lm-sys fastchat versions prior to 0.2.37 Description Remote Code Execution is possible in the Arena Side-by-Side View Handler component via the add text function. Manipulation of this function results in incorrect control flow, allowing an...
EUVD-2025-7063
Malicious code in bioql PyPI...
EUVD-2025-7062
Malicious code in bioql PyPI...
EUVD-2025-7033
Malicious code in bioql PyPI...
EUVD-2025-7008
Malicious code in bioql PyPI...
EUVD-2025-11794
Malicious code in bioql PyPI...
EUVD-2024-33573
Malicious code in bioql PyPI...
CVE-2025-3677
A vulnerability classified as critical was found in lm-sys fastchat up to 0.2.36. This vulnerability affects the function splitfiles/applydeltalowcpumem of the file fastchat/model/applydelta.py. The manipulation leads to deserialization. An attack has to be approached locally...
CVE-2025-3677
A vulnerability classified as critical was found in lm-sys fastchat up to 0.2.36. This vulnerability affects the function splitfiles/applydeltalowcpumem of the file fastchat/model/applydelta.py. The manipulation leads to deserialization. An attack has to be approached locally...
CVE-2025-3677 lm-sys fastchat apply_delta.py apply_delta_low_cpu_mem deserialization
A vulnerability classified as critical was found in lm-sys fastchat up to 0.2.36. This vulnerability affects the function splitfiles/applydeltalowcpumem of the file fastchat/model/applydelta.py. The manipulation leads to deserialization. An attack has to be approached locally...
CVE-2025-3677 lm-sys fastchat apply_delta.py apply_delta_low_cpu_mem deserialization
A vulnerability classified as critical was found in lm-sys fastchat up to 0.2.36. This vulnerability affects the function splitfiles/applydeltalowcpumem of the file fastchat/model/applydelta.py. The manipulation leads to deserialization. An attack has to be approached locally...
CVE-2025-3677
CVE-2025-3677 affects lm-sys fastchat up to 0.2.36. A vulnerability in fastchat/model/apply_delta.py -> split_files/apply_delta_low_cpu_mem allows deserialization when manipulated locally. The connected docs specify a local-access exploitation vector; no exploit details are provided and no rem...
CVE-2025-3677 lm-sys fastchat apply_delta.py apply_delta_low_cpu_mem deserialization
A vulnerability classified as critical was found in lm-sys fastchat up to 0.2.36. This vulnerability affects the function splitfiles/applydeltalowcpumem of the file fastchat/model/applydelta.py. The manipulation leads to deserialization. An attack has to be approached locally...
FastChat 代码问题漏洞
FastChat is an open source platform from LMSYS for training, deploying and evaluating chatbots based on large language models. A code issue vulnerability exists in FastChat version 0.2.36 and earlier, which stems from a deserialization issue in the splitfiles/applydeltalowcpumem function in the...
CVE-2024-10908
An open redirect vulnerability in lm-sys/fastchat Release v0.2.36 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a specially crafted URL. This can be exploited for phishing attacks, malware distribution, and credential theft...
CVE-2024-12376
A Server-Side Request Forgery SSRF vulnerability was identified in the lm-sys/fastchat web server, specifically in the affected version git 2c68a13. This vulnerability allows an attacker to access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials...
CVE-2024-10912
A Denial of Service DoS vulnerability exists in the file upload feature of lm-sys/fastchat version 0.2.36. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large...