lm-sys FastChat Denial-of-Service Vulnerability in File Upload Feature

Vulnerability

A denial-of-service vulnerability has been identified in the file upload feature of lm-sys FastChat version 0.2.36. This issue arises from improper handling of form-data, particularly when a large filename is included in the file upload request. An attacker can exploit this vulnerability by sending a payload with an excessively large filename, which overwhelms the server and renders it unavailable to legitimate users.

Impact

Exploitation of this vulnerability causes the server to become unresponsive, disrupting service for all users. The issue can be easily scaled, as anyone with access to the upload endpoint can perform the attack, and no authentication is required.

Reproduction

The vulnerability can be reproduced by sending a POST request to the file upload endpoint with a multipart form-data payload whose filename field is excessively large. This can be done using a script that automates the process, such as one written in Python that uses the requests library to send the payload.
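The mitigation implied by the description above is to bound the filename before the upload is parsed or stored. The following is an added illustration of that check, not FastChat's own code; it assumes a raw multipart/form-data body and its boundary are available, scans only each part's headers, and uses a constructed limit of 255 bytes (the limit and the boundary value are assumptions, not taken from the advisory).

```python
"""Defensive check: bound the filename length in multipart/form-data uploads.

Added illustration, not lm-sys FastChat's own code. Assumes the raw multipart
body (bytes) and the boundary string are available before any part is decoded.
"""
import re

MAX_FILENAME_BYTES = 255  # constructed policy limit, not from the advisory

# Matches the filename (or filename*) parameter of a Content-Disposition header.
_FILENAME_RE = re.compile(rb'filename\*?=(?:"([^"]*)"|([^;\r\n]*))', re.IGNORECASE)


def part_filenames(body: bytes, boundary: str):
    """Yield the filename of every file part in a multipart body.

    Only the header section of each part is inspected, so an oversized filename
    is detected without the part payload ever being decoded or written to disk.
    """
    delimiter = b"--" + boundary.encode()
    for part in body.split(delimiter)[1:]:
        if part.startswith(b"--"):  # closing delimiter reached
            break
        headers, _, _ = part.partition(b"\r\n\r\n")
        match = _FILENAME_RE.search(headers)
        if match:
            yield match.group(1) if match.group(1) is not None else match.group(2)


def check_upload(body: bytes, boundary: str, limit: int = MAX_FILENAME_BYTES):
    """Return (ok, reason); reject the request before any part body is processed."""
    for name in part_filenames(body, boundary):
        if len(name) > limit:
            return False, f"filename length {len(name)} exceeds limit {limit}"
    return True, "ok"


def build_body(boundary: str, filename: str, content: bytes) -> bytes:
    """Construct a minimal single-file multipart body (test fixture only)."""
    return (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="file"; filename="{filename}"\r\n'
        "Content-Type: application/octet-stream\r\n\r\n"
    ).encode() + content + f"\r\n--{boundary}--\r\n".encode()


if __name__ == "__main__":
    boundary = "constructedBoundary123"  # constructed value
    print(check_upload(build_body(boundary, "notes.txt", b"hello"), boundary))
    print(check_upload(build_body(boundary, "A" * 10000, b"hello"), boundary))
```

In a real deployment this check belongs in front of the framework's multipart parser (a request-size limit on the reverse proxy covers the same ground for the body as a whole), so that a request failing the filename bound is rejected with a 4xx before any allocation proportional to the filename occurs.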

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.