fastchat@0.1.0 vulnerabilities

fastchat with guidance support

latest version

0.1.0

first published

10 months ago

latest version published

10 months ago

licenses detected

MIT
[0,)

View fastchat package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the fastchat package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Server-side Request Forgery (SSRF) fastchat is a fastchat with guidance support Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the `worker_generate_stream` API endpoint. An attacker can exploit the victim controller API server's credentials to perform unauthorized web actions or access unauthorized web resources by combining it with the `POST /register_worker` endpoint. How to fix Server-side Request Forgery (SSRF)? There is no fixed version for `fastchat`.	[0,)

Server-side Request Forgery (SSRF)

fastchat is a fastchat with guidance support

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the worker_generate_stream API endpoint. An attacker can exploit the victim controller API server's credentials to perform unauthorized web actions or access unauthorized web resources by combining it with the POST /register_worker endpoint.

How to fix Server-side Request Forgery (SSRF)?

There is no fixed version for fastchat.

[0,)

Go back to all versions of this package