Количество 3
Количество 3
CVE-2025-6242
A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async methods fetch and process media from user-provided URLs without adequate restrictions on the target hosts. This allows an attacker to coerce the vLLM server into making arbitrary requests to internal network resources.
CVE-2025-6242
A Server-Side Request Forgery (SSRF) vulnerability exists in the Media ...
GHSA-3f6c-7fw2-ppm4
vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-6242 A Server-Side Request Forgery (SSRF) vulnerability exists in the MediaConnector class within the vLLM project's multimodal feature set. The load_from_url and load_from_url_async methods fetch and process media from user-provided URLs without adequate restrictions on the target hosts. This allows an attacker to coerce the vLLM server into making arbitrary requests to internal network resources. | CVSS3: 7.1 | 0% Низкий | 4 месяца назад |
| CVE-2025-6242 A Server-Side Request Forgery (SSRF) vulnerability exists in the Media ... | CVSS3: 7.1 | 0% Низкий | 4 месяца назад |
| GHSA-3f6c-7fw2-ppm4 vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class | CVSS3: 7.1 | 0% Низкий | 4 месяца назад |
Уязвимостей на страницу