14 matches found

RedhatCVE
added yesterday, 3 views

CVE-2026-6607

A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function apigenerate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be...

CVSS 6.9, AI score 5.2, EPSS 0.00024
Exploits: 0, References: 1
Nuclei
added yesterday, 13 views

FastChat - Open Redirect

Detects an open redirect vulnerability in lm-sys/fastchat version 0.2.36, which allows attackers to redirect users to malicious URLs.

id: CVE-2024-10908
info:
  name: FastChat - Open Redirect
  author: DhiyaneshDK
  severity: medium
  description: |
    Detects an open redirect vulnerability in lm-sys/fastch...

CVSS 6.1, AI score 6.3, EPSS 0.00902
Exploits: 1, References: 1
EUVD
added 2026/04/20 6:31 a.m., 2 views

EUVD-2026-23780

A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function addtext of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was...

CVSS 6.9, AI score 5.5, EPSS 0.00049
Exploits: 0, References: 7
CNNVD
added 2026/04/20 12:0 a.m., 6 views

FastChat Security Vulnerability

FastChat is an open-source platform developed by LMSYS for training, deploying, and evaluating chatbots based on large language models. Versions of FastChat prior to 0.2.36 contain security vulnerabilities, which stem from incorrect operations on the apigenerate function within the Worker API...

CVSS 6.9, AI score 6, EPSS 0.00024
Exploits: 0, References: 1
OSV
added 2025/03/20 12:32 p.m., 2 views

GHSA-H254-G997-685C FastChat Server-Side Request Forgery vulnerability

A Server-Side Request Forgery (SSRF) vulnerability exists in lm-sys/fastchat version 0.2.36. The vulnerability is present in the /queue/join? endpoint, where insufficient validation of the path parameter allows an attacker to send crafted requests. This can lead to unauthorized access to internal...

CVSS 7.5, AI score 7.1, EPSS 0.00253
Exploits: 1, References: 3
OSV
added 2025/03/20 12:32 p.m., 1 views

GHSA-QG86-F892-M4HJ FastChat Uncontrolled Resource Consumption vulnerability

In lm-sys/fastchat Release v0.2.36, the server fails to handle excessive characters appended to the end of multipart boundaries. This flaw can be exploited by sending malformed multipart requests with arbitrary characters at the end of the boundary. Each extra character is processed in an infinit...

CVSS 7.5, AI score 7.1, EPSS 0.00443
Exploits: 1, References: 3
OSV
added 2025/03/20 12:32 p.m., 1 views

GHSA-79RP-V9RM-GXM8 FastChat Denial of Service vulnerability

A Denial of Service (DoS) vulnerability exists in the file upload feature of lm-sys/fastchat version 0.2.36. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large...

CVSS 7.5, AI score 7.1, EPSS 0.00244
Exploits: 1, References: 3
OSV
added 2025/03/20 10:15 a.m., 0 views

CVE-2024-11603

A Server-Side Request Forgery (SSRF) vulnerability exists in lm-sys/fastchat version 0.2.36. The vulnerability is present in the /queue/join? endpoint, where insufficient validation of the path parameter allows an attacker to send crafted requests. This can lead to unauthorized access to internal...

CVSS 7.5, AI score 5.8
Exploits: 0, References: 1
OSV
added 2025/03/20 10:15 a.m., 0 views

CVE-2024-10912

A Denial of Service (DoS) vulnerability exists in the file upload feature of lm-sys/fastchat version 0.2.36. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large...

CVSS 7.5, AI score 5.8, EPSS 0.00244
Exploits: 1, References: 1
NVD
added 2025/03/20 10:15 a.m., 5 views

CVE-2024-10912

A Denial of Service (DoS) vulnerability exists in the file upload feature of lm-sys/fastchat version 0.2.36. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large...

CVSS 7.5, EPSS 0.00244
Exploits: 1, References: 1
CVE
added 2025/03/20 10:10 a.m., 33 views

CVE-2024-10912

CVE-2024-10912 affects lm-sys/fastchat 0.2.36. The DoS arises from improper handling of multipart/form-data with a very large filename in the file upload path, per Red Hat/NVD/CVE records and related advisories. An attacker can exhaust server resources by sending a payload with an oversized filen...

CVSS 7.5, AI score 7.5, EPSS 0.00244
Exploits: 1, References: 1, Affected Software: 1
CNNVD
added 2025/03/20 12:0 a.m., 2 views

FastChat Code Issue Vulnerability

FastChat is an open platform from LMSYS for training, deploying and evaluating chatbots based on large-scale language models. A code issue vulnerability exists in FastChat version 0.2.36, which stems from insufficient validation of path parameters and could lead to a server-side request forgery...

CVSS 7.5, AI score 7.5, EPSS 0.00253
Exploits: 1, References: 1
CNNVD
added 2025/03/20 12:0 a.m., 2 views

FastChat Resource Management Error Vulnerability

FastChat is an open platform from LMSYS for training, deploying and evaluating chatbots based on large language models. A resource management error vulnerability exists in FastChat version 0.2.36, which stems from improper handling of large filenames in the file upload feature and could lead to a...

CVSS 7.5, AI score 7.5, EPSS 0.00244
Exploits: 1, References: 1
CNNVD
added 2020/12/31 12:0 a.m., 2 views

Rust Security Vulnerabilities

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in net2 crate before 0.2.36 for Rust, which stems from its incorrect expectation of the std::net::SocketAddr memory representation...

CVSS 5.5, AI score 5.8, EPSS 0.00054
Exploits: 1, References: 2