CVE-2024-10912: FastChat Denial of Service vulnerability

March 20, 2025 (updated March 21, 2025)

A Denial of Service (DoS) vulnerability exists in the file upload feature of lm-sys/fastchat version 0.2.36. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large filename, causing the server to become overwhelmed and unavailable to legitimate users.

References

github.com/advisories/GHSA-79rp-v9rm-gxm8
github.com/lm-sys/FastChat
huntr.com/bounties/52f335b8-1134-4d0f-acb4-efef516de414
nvd.nist.gov/vuln/detail/CVE-2024-10912

Code Behaviors & Features

Detect and mitigate CVE-2024-10912 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →