4 known bugs in sglang, with affected versions, fixes and workarounds. Sourced from upstream issue trackers.
| Severity | Affected | Fixed in | Title | Status | Source |
|---|---|---|---|---|---|
| high | any | 0.5.10 | SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script. | fixed | osv:GHSA-hvwj-8w5g-28rg |
| medium |
Get this data programmatically \u2014 free, no authentication.
curl https://depscope.dev/api/bugs/pypi/sglang| any |
| 0.5.4 |
SGLang Remote Code Execution Vulnerability via Unsafe Deserialization in update_weights_from_tensor A security flaw has been discovered in lmsys sglang 0.4.6. Affected by this vulnerability is the function main of the file /update_weights_from_tensor. The manipulation of the argument serialized_named_tensors results in deserialization. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way. |
| fixed |
| osv:GHSA-9w53-xr52-mwgj |
| critical | any | 0.5.10 | SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker SGLang's multimodal generation module is vulnerable to unauthenticated remote code execution through the ZMQ broker, which deserializes untrusted data using pickle.loads() without authentication. | fixed | osv:GHSA-rgq9-fqf5-fv58 |
| critical | any | 0.5.10 | SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module SGLang's encoder parallel disaggregation system is vulnerable to unauthenticated remote code execution through the disaggregation module, which deserializes untrusted data using pickle.loads() without authentication. | fixed | osv:GHSA-jx93-g359-86wm |