sglang 0.5.12.post1

Direct Vulnerabilities

Known vulnerabilities in the sglang package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
C Deserialization of Untrusted Data sglang is a SGLang is a fast serving framework for large language models and vision language models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the `ROUTER` socket which binds to 0.0.0.0 by default and deserializes incoming messages using `pickle.loads`. An unauthenticated attacker can execute arbitrary code by sending specially crafted pickle data to the exposed socket. Note: This is only exploitable if multimodal runtime is enabled and the scheduler socket is reachable (`--host 0.0.0.0`). How to fix Deserialization of Untrusted Data? There is no fixed version for `sglang`.	[0.5.5,)
H Directory Traversal sglang is a SGLang is a fast serving framework for large language models and vision language models. Affected versions of this package are vulnerable to Directory Traversal via the upload filename parameter in specific endpoints. An unauthenticated attacker can overwrite or create arbitrary files on the server by including directory traversal sequences in the filename. Note: This is only exploitable if multimodal runtime is enabled. How to fix Directory Traversal? There is no fixed version for `sglang`.	[0.5.5,)
C Deserialization of Untrusted Data sglang is a SGLang is a fast serving framework for large language models and vision language models. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the `--enable-custom-logit-processor` option, which allows untrusted Python objects to be deserialized through the `dill.loads` function. An attacker can execute arbitrary code remotely by sending crafted serialized objects to the affected service. Note: This is only exploitable if the `--enable-custom-logit-processor` option is enabled. How to fix Deserialization of Untrusted Data? There is no fixed version for `sglang`.	[0.4.1.post7,)
M Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') sglang is a SGLang is a fast serving framework for large language models and vision language models. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the `get_tokenizer` function in the HuggingFace Transformer Handler component. An attacker can achieve unauthorized access to sensitive information, modify data, or disrupt application functionality by providing specially crafted input that leads to unsafe deserialization. How to fix Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')? There is no fixed version for `sglang`.	[0.5.10rc0,)

Vulnerability

Vulnerable Version

Deserialization of Untrusted Data

sglang is a SGLang is a fast serving framework for large language models and vision language models.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the ROUTER socket which binds to 0.0.0.0 by default and deserializes incoming messages using pickle.loads. An unauthenticated attacker can execute arbitrary code by sending specially crafted pickle data to the exposed socket.

Note: This is only exploitable if multimodal runtime is enabled and the scheduler socket is reachable (--host 0.0.0.0).

How to fix Deserialization of Untrusted Data?

There is no fixed version for sglang.

[0.5.5,)

Directory Traversal

sglang is a SGLang is a fast serving framework for large language models and vision language models.

Affected versions of this package are vulnerable to Directory Traversal via the upload filename parameter in specific endpoints. An unauthenticated attacker can overwrite or create arbitrary files on the server by including directory traversal sequences in the filename.

Note: This is only exploitable if multimodal runtime is enabled.

How to fix Directory Traversal?

There is no fixed version for sglang.

[0.5.5,)

Deserialization of Untrusted Data

sglang is a SGLang is a fast serving framework for large language models and vision language models.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the --enable-custom-logit-processor option, which allows untrusted Python objects to be deserialized through the dill.loads function. An attacker can execute arbitrary code remotely by sending crafted serialized objects to the affected service.

Note: This is only exploitable if the --enable-custom-logit-processor option is enabled.

How to fix Deserialization of Untrusted Data?

There is no fixed version for sglang.

[0.4.1.post7,)

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

sglang is a SGLang is a fast serving framework for large language models and vision language models.

Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the get_tokenizer function in the HuggingFace Transformer Handler component. An attacker can achieve unauthorized access to sensitive information, modify data, or disrupt application functionality by providing specially crafted input that leads to unsafe deserialization.

How to fix Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')?

There is no fixed version for sglang.

[0.5.10rc0,)

sglang@0.5.12.post1

SGLang is a fast serving framework for large language models and vision language models.

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically