Unknown · Llama Factory · CVE-2025-61784
**Name of the Vulnerable Software and Affected Versions**
LLaMA-Factory versions prior to 0.9.4
**Description**
LLaMA-Factory, a tuning library for large language models, contains a Server-Side Request Forgery (SSRF) issue in the chat API. Authenticated users can make the server send arbitrary HTTP requests to internal and external networks, potentially exposing sensitive internal services, allowing network reconnaissance, or interacting with third-party services. A Local File Inclusion (LFI) issue also exists, allowing users to read arbitrary files from the server's filesystem. The issue resides in the `_process_request` function within `src/llamafactory/api/chat.py`. This function processes multimodal content supplied as URLs: if the URL is neither a base64 data URI nor a local file path, it makes an HTTP GET request using `requests.get(url, stream=True).raw` without validating or sanitizing the URL, and the local-file branch is honoured for any caller.
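As an added illustration (not LLaMA-Factory's own code), the following Python sketches a hardened replacement for the three-way branch the description outlines: keep the inline data-URI path, drop the local-file branch entirely, and allow a remote fetch only for http(s) URLs whose resolved addresses are all globally routable. The function names (`resolve_image_source`, `is_safe_remote_url`, `decode_data_uri`), the `resolve` parameter and the sample inputs are assumptions made for this example; `resolve` is injectable so the check can be exercised offline.

```python
import base64
import ipaddress
import socket
from urllib.parse import urlparse

# Added example, not code from the LLaMA-Factory project. It reproduces the
# structure the advisory describes (data URI / local path / remote fetch) with
# the two unsafe branches closed: no filesystem reads on behalf of API callers
# (LFI), and no unvalidated server-side fetches (SSRF).

ALLOWED_SCHEMES = {"http", "https"}


def decode_data_uri(uri: str) -> bytes:
    """Return the decoded payload of a base64 image data URI, else raise."""
    header, sep, payload = uri.partition(",")
    if not sep or not header.startswith("data:image/") or not header.endswith(";base64"):
        raise ValueError("unsupported data URI")
    return base64.b64decode(payload, validate=True)


def _is_public_ip(addr: str) -> bool:
    # is_global is False for loopback, RFC 1918, link-local (169.254.0.0/16,
    # which covers cloud metadata endpoints), ULA, multicast and unspecified.
    return ipaddress.ip_address(addr).is_global


def is_safe_remote_url(url: str, resolve=None) -> bool:
    """True only if url is http(s) and every resolved address is public.

    `resolve(host) -> list[str]` is injectable for offline testing; the
    default uses socket.getaddrinfo.
    """
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        return False
    host = parts.hostname
    try:
        # A literal IP in the URL bypasses DNS; it still has to be public.
        return _is_public_ip(host)
    except ValueError:
        pass  # not an IP literal, fall through to name resolution
    resolve = resolve or (lambda h: [ai[4][0] for ai in socket.getaddrinfo(h, None)])
    try:
        addrs = resolve(host)
    except OSError:
        return False
    # Reject if any A/AAAA answer is internal: a mixed answer is a classic
    # way to slip past "first address only" checks.
    return bool(addrs) and all(_is_public_ip(a) for a in addrs)


def resolve_image_source(source: str, resolve=None):
    """Decide how a multimodal image source may be handled.

    Returns ("inline", bytes) for a data URI and ("fetch", url) for an
    approved remote URL; raises ValueError for anything else. The local-file
    branch from the advisory is deliberately absent: the API serves remote
    callers, so a path on the server's disk is never a valid input.
    """
    if source.startswith("data:"):
        return "inline", decode_data_uri(source)
    if is_safe_remote_url(source, resolve=resolve):
        return "fetch", source
    raise ValueError(f"rejected image source: {source[:64]!r}")


if __name__ == "__main__":
    # Constructed sample inputs covering each branch.
    fake_dns = lambda h: {"cdn.example": ["93.184.216.34"], "intranet.local": ["10.0.0.5"]}.get(h, [])
    for src in (
        "data:image/png;base64,aGVsbG8=",
        "https://cdn.example/cat.png",
        "https://intranet.local/secret.png",
        "http://169.254.169.254/latest/meta-data/",
        "/etc/passwd",
    ):
        try:
            print(src, "->", resolve_image_source(src, resolve=fake_dns)[0])
        except ValueError as exc:
            print(src, "->", exc)
```

Two caveats for anyone applying this pattern in a real service: the address validated here and the address the HTTP client later connects to can differ (DNS rebinding), so the validated IP should be pinned at connection time rather than re-resolved by the client; and an approved public host can still redirect to an internal one, so either disable redirects or re-run the check on every hop.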
**Recommendations**
Update LLaMA-Factory to version 0.9.4 or later.