We’ve disclosed 3440 vulnerabilities
by Snyk Security Researchers
Avoid using all malicious instances of the ngx-bootstrap package.
sillytavern is an LLM Frontend for Power Users.
Affected versions of this package are vulnerable to Improper Verification of Source of a Communication Channel via improper validation of the `Host` header in inbound HTTP requests. An attacker can gain unauthorized access to sensitive data, execute arbitrary code, and perform actions such as installing malicious extensions or injecting arbitrary HTML by leveraging DNS rebinding techniques.
Note: The vulnerability has been patched by introducing a server configuration setting that enables validation of host names in inbound HTTP requests; however, the setting is disabled by default to maintain backwards compatibility. Users are advised to review their server configurations and apply the necessary changes to their setup.
vllm is a high-throughput and memory-efficient inference and serving engine for LLMs.
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the `load_from_url` and `load_from_url_async` methods of the `MediaConnector` class, which fetch and process media from user-supplied URLs without sufficient restrictions on target hosts. An attacker can coerce the vLLM server into making arbitrary requests to internal network resources.
Note: This vulnerability is particularly critical in containerized environments like `llm-d`, where a compromised vLLM pod could be used to scan the internal network, interact with other pods, and potentially cause denial of service or access sensitive data.
## Workaround
To address this vulnerability, it is essential to restrict the URLs that the `MediaConnector` can access. The principle of least privilege should be applied.
It is recommended to implement a configurable allowlist or denylist for domains and IP addresses.
- Allowlist: The most secure approach is to allow connections only to a predefined list of trusted domains. This could be configured via a command-line argument, such as `--allowed-media-domains`. By default, this list could be empty, forcing administrators to explicitly enable external media fetching.
- Denylist: Alternatively, a denylist could block access to private IP address ranges (`127.0.0.1`, `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) and other sensitive domains.

A check should be added at the beginning of the `load_from_url` methods to validate the parsed hostname against this list before any connection is made.
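
One way to implement the check described above, as an added example that is not vLLM's own code. It combines the allowlist with the denylist, because an allowlisted name can still resolve to a private address; `check_media_url`, `ALLOWED_MEDIA_DOMAINS` and the `resolver` parameter are hypothetical names, and the host names are constructed samples.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed sample allowlist; an empty set disables remote media fetching.
ALLOWED_MEDIA_DOMAINS = frozenset({"media.example.com"})


def check_media_url(url, allowed=ALLOWED_MEDIA_DOMAINS, resolver=socket.getaddrinfo):
    """Return the vetted IP addresses for url, or raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    # Reject userinfo so "http://media.example.com@10.0.0.5/" cannot confuse
    # a reviewer or a second URL parser further down the stack.
    if parts.username is not None or parts.password is not None:
        raise ValueError("userinfo in URL not allowed")
    host = (parts.hostname or "").rstrip(".").lower()
    # Allowlist: exact match only, so IP literals and look-alike suffixes fail.
    if host not in allowed:
        raise ValueError(f"host not in allowlist: {host!r}")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    # Denylist as defence in depth: an allowlisted name can still resolve to
    # an internal address, so vet every address the resolver returns.
    vetted = []
    for *_, sockaddr in resolver(host, port, type=socket.SOCK_STREAM):
        addr = ipaddress.ip_address(sockaddr[0])
        # is_global is False for loopback, RFC 1918, link-local and similar.
        if not addr.is_global:
            raise ValueError(f"{host} resolves to non-public address {addr}")
        vetted.append(str(addr))
    if not vetted:
        raise ValueError(f"{host} did not resolve")
    # The caller should connect to one of these addresses rather than
    # resolving the name again, or the check and the fetch can disagree.
    return vetted
```

The `resolver` argument exists so the check can be exercised without network access; in production it defaults to `socket.getaddrinfo`.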
org.xwiki.platform:xwiki-platform-oldcore is a generic wiki platform offering runtime services for applications built on top of it.
Affected versions of this package are vulnerable to SQL Injection via the `orderField` parameter in the REST API. An attacker can execute arbitrary HQL statements by injecting crafted input, potentially leading to unauthorized data access or manipulation.