Server-side Request Forgery (SSRF)

Overview fastchat is a fastchat with guidance support Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the workergeneratestream API endpoint. An attacker can exploit the victim controller API server's credentials to perform unauthorized web actions or...

CVE-2024-10044

A Server-Side Request Forgery SSRF vulnerability exists in the POST /workergeneratestream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to exploit the victim controller API server's...

FastChat 代码问题漏洞

FastChat is LMSYS Org's is an open platform for training, deploying, and evaluating chatbots based on large language models. A code issue vulnerability exists in FastChat that stems from a server-side request forgery vulnerability in the POST/workergeneratestream API endpoint that allows an...