LibreChat Unrestricted Fork Function Vulnerability Leading to Denial-of-Service

Vulnerability

A denial-of-service vulnerability exists in LibreChat because the conversation fork operation exposed at the API endpoint '/api/convos/fork' is not rate-limited or size-limited. A user can rapidly fork conversations that contain large amounts of content, in particular Mermaid graphs with many nodes. Each fork copies that content, so a burst of such requests can exhaust the Node.js (V8) heap and crash the service; the page notes that the crash can recur after a restart. LibreChat versions prior to 0.7.9 are affected.

Impact

Exploitation of this vulnerability drives the LibreChat process out of memory and crashes it. Because the crash can recur after a restart, the outage is not cleared by simply restarting the service, and normal operation is disrupted for all users until the condition is addressed.

Reproduction

The vulnerability can be reproduced by sending a high volume of fork requests to the '/api/convos/fork' endpoint, for example with an automated script written in Python using the 'aiohttp' library (aiohttp is a Python HTTP client, not a JavaScript one). The conversation being forked should contain a Mermaid graph with a large number of nodes so that each fork copies enough content to trigger the denial-of-service condition.

Remediation

Users can update to LibreChat version 0.7.9, where this vulnerability has been fixed.
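As an added example that is not LibreChat's own code and not the fix shipped in 0.7.9, the following Node.js sketch shows the two controls a practitioner would expect on a fork-style endpoint: a per-user sliding-window rate limit on fork requests, and a cap on the total size of content one fork may copy, applied before any copying happens. The field names (req.user.id, req.body.conversationId, message.text), the limits, and the sample conversations are assumptions constructed for the example; a real deployment would also keep the rate-limit state in a shared store so the limit holds across multiple API instances.

```javascript
// Added example (not LibreChat code): guard a fork endpoint against
// "many forks of a huge conversation" by limiting both request rate and
// the size of the content a single fork would copy.

const WINDOW_MS = 60_000;            // sliding window for the rate limit (assumed)
const MAX_FORKS_PER_WINDOW = 10;     // forks allowed per user per window (assumed)
const MAX_FORK_BYTES = 256 * 1024;   // max message text one fork may copy (assumed)

// Per-user timestamps of recent fork requests. In-memory for the example;
// a multi-instance deployment would use a shared store (e.g. Redis).
const recentForks = new Map();

// Sliding-window limiter: returns whether this request may proceed.
function forkRateLimiter(userId, now = Date.now()) {
  const cutoff = now - WINDOW_MS;
  const stamps = (recentForks.get(userId) || []).filter((t) => t > cutoff);
  if (stamps.length >= MAX_FORKS_PER_WINDOW) {
    recentForks.set(userId, stamps);
    return { allowed: false, retryAfterMs: stamps[0] + WINDOW_MS - now };
  }
  stamps.push(now);
  recentForks.set(userId, stamps);
  return { allowed: true, remaining: MAX_FORKS_PER_WINDOW - stamps.length };
}

// Size check: sum the UTF-8 byte length of every message's text and refuse
// as soon as the running total exceeds the cap, before anything is copied.
function forkSizeCheck(messages, maxBytes = MAX_FORK_BYTES) {
  let total = 0;
  for (const m of messages) {
    total += Buffer.byteLength(String(m.text ?? ''), 'utf8');
    if (total > maxBytes) return { ok: false, bytes: total };
  }
  return { ok: true, bytes: total };
}

// Express-style middleware combining both checks. loadMessages is injected
// (assumed to return the conversation's messages) so the example needs no DB.
function makeForkGuard(loadMessages) {
  return function forkGuard(req, res, next) {
    const verdict = forkRateLimiter(req.user.id);
    if (!verdict.allowed) {
      res.set('Retry-After', String(Math.ceil(verdict.retryAfterMs / 1000)));
      return res.status(429).json({ error: 'Too many fork requests' });
    }
    const size = forkSizeCheck(loadMessages(req.body.conversationId));
    if (!size.ok) {
      return res.status(413).json({ error: 'Conversation too large to fork', bytes: size.bytes });
    }
    return next();
  };
}

// Constructed sample content: a Mermaid graph with nodeCount edges/nodes.
function bigMermaidGraph(nodeCount) {
  const lines = ['graph TD'];
  for (let i = 0; i < nodeCount; i++) lines.push(`  n${i} --> n${i + 1}`);
  return lines.join('\n');
}

// Constructed sample conversations keyed by a fake conversationId.
const sampleConversations = {
  small: [{ text: 'hello' }, { text: bigMermaidGraph(100) }],
  huge: [{ text: bigMermaidGraph(50_000) }],   // ~1 MB of graph text
};

// Minimal stand-in for an Express response so the guard runs offline.
function fakeRes() {
  const r = { statusCode: 200, body: null, headers: {} };
  r.status = (c) => { r.statusCode = c; return r; };
  r.json = (b) => { r.body = b; return r; };
  r.set = (k, v) => { r.headers[k] = v; return r; };
  return r;
}

// Drive the guard once for a given user/conversation and report the outcome.
function runGuard(userId, conversationId) {
  const guard = makeForkGuard((id) => sampleConversations[id]);
  const res = fakeRes();
  let passed = false;
  guard({ user: { id: userId }, body: { conversationId } }, res, () => { passed = true; });
  return { passed, status: res.statusCode, body: res.body };
}

// Usage: a small fork passes, the huge one is rejected with 413, and after
// MAX_FORKS_PER_WINDOW requests in the window the user receives 429.
console.log(runGuard('alice', 'small'));
console.log(runGuard('alice', 'huge'));
```

The order of the two checks matters: the rate limiter runs first so that a rejected oversized request still consumes a slot, and the size check reads the conversation before copying it, so the process never allocates the duplicate that the unguarded endpoint would.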

Added: Feb 2, 2026, 11:18 AM
Updated: Feb 2, 2026, 11:18 AM

Vulnerability Rating

Custom Algorithm
spread: 1.4
impact: 2.5
exploitability: 5.6
remediation: 7.7
relevance: 2.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.