FastGPT Code-Sandbox Component Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the code-sandbox component of FastGPT, an AI agent building platform, in versions through 4.14.13. The issue arises from inadequate resource isolation and uncontrolled resource consumption. The service depends on a soft application-level memory management limit, allowing attackers to bypass memory checks and exhaust the JavaScript worker pool with CPU-intensive requests. This exploitation leads to service degradation for legitimate users.

Impact

Exploitation of this vulnerability causes a complete denial-of-service by exhausting the JavaScript worker pool, leaving no available workers for legitimate requests. Additionally, in cloud environments, this unchecked resource consumption can result in unexpected infrastructure costs.

Reproduction

The vulnerability can be reproduced by sending a payload that allocates a large amount of memory while releasing it just before the next memory check, bypassing the application's memory limit. This can be done by posting a request to the sandbox endpoint with a code that creates a memory-intensive operation. Once the memory limit is bypassed, the worker remains active instead of being terminated. Alternatively, the worker pool can be exhausted by sending concurrent requests that occupy all available workers, causing legitimate requests to time out.