fschat@0.1.3 vulnerabilities

An open platform for training, serving, and evaluating large language model based chatbots.

Direct Vulnerabilities

Known vulnerabilities in the fschat package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • H
Denial of Service (DoS)

fschat is an open platform for training, serving, and evaluating large language model based chatbots.

Affected versions of this package are vulnerable to Denial of Service (DoS) through the handling of multipart boundaries. An attacker can cause excessive resource consumption and a complete denial of service by sending malformed multipart requests with arbitrary characters at the end of the boundary.

How to fix Denial of Service (DoS)?

There is no fixed version for fschat.

[0,)
  • H
Server-side Request Forgery (SSRF)

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the /queue/join? endpoint. An attacker can gain unauthorized access to internal networks or the AWS metadata endpoint, potentially exposing sensitive data and compromising internal servers by sending crafted requests with insufficiently validated path parameters.

How to fix Server-side Request Forgery (SSRF)?

There is no fixed version for fschat.

[0,)
  • H
Server-side Request Forgery (SSRF)

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to improper web server configuration. An attacker can access internal server resources and data that are otherwise inaccessible, such as AWS metadata credentials, by sending crafted requests to the server.

How to fix Server-side Request Forgery (SSRF)?

There is no fixed version for fschat.

[0,)
  • H
Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) through the file upload feature. An attacker can cause the server to become overwhelmed and unavailable to legitimate users by sending a payload with an excessively large filename.

How to fix Denial of Service (DoS)?

There is no fixed version for fschat.

[0,)
  • M
Open Redirect

Affected versions of this package are vulnerable to Open Redirect via a specially crafted URL. An attacker can redirect users to arbitrary websites by manipulating the URL parameters. This can be exploited for phishing attacks, malware distribution, and credential theft.

How to fix Open Redirect?

There is no fixed version for fschat.

[0,)