Vulnerability Information
Vulnerability Title
SSRF in POST /worker_generate_stream API endpoint in lm-sys/fastchat
Vulnerability Description
A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to exploit the victim controller API server's credentials to perform unauthorized web actions or access unauthorized web resources by combining it with the POST /register_worker endpoint.
CVSS Information
N/A
Vulnerability Type
Server-Side Request Forgery (SSRF)
Vulnerability Title
FastChat Code Issue Vulnerability
Vulnerability Description
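FastChat is an open platform from LMSYS Org for training, deploying, and evaluating chatbots based on large language models. FastChat contains a code issue vulnerability that stems from a server-side request forgery vulnerability in the POST /worker_generate_stream API endpoint, which allows attackers to perform unauthorized network actions or access unauthorized network resources.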
CVSS Information
N/A
Vulnerability Type
N/A