GHSA-527M-2XHR-J27G LLaMA Factory's Chat API Contains Critical SSRF and LFI Vulnerabilities
Summary A Server-Side Request Forgery SSRF vulnerability in the chat API allows any authenticated user to force the server to make arbitrary HTTP requests to internal and external networks. This can lead to the exposure of sensitive internal services, reconnaissance of the internal network, or...