Опубликовано: 17 сент. 2024
Источник: github
Github: Прошло ревью
CVSS4: 8.7
CVSS3: 7.5
Описание
vLLM denial of service vulnerability
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-8768
- https://github.com/vllm-project/vllm/issues/7632
- https://github.com/vllm-project/vllm/pull/7746
- https://github.com/vllm-project/vllm/commit/e25fee57c2e69161bd261f5986dc5aeb198bbd42
- https://access.redhat.com/security/cve/CVE-2024-8768
- https://bugzilla.redhat.com/show_bug.cgi?id=2311895
Пакеты
Наименование
vllm
pip
Затронутые версииВерсия исправления
< 0.5.5
0.5.5
Связанные уязвимости
CVSS3: 7.5
redhat
больше 1 года назад
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.
CVSS3: 7.5
nvd
больше 1 года назад
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.
CVSS3: 7.5
debian
больше 1 года назад
A flaw was found in the vLLM library. A completions API request with a ...