PyPi: Vllm

CVE-2024-8768

Safety vulnerability ID: 73284

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Sep 17, 2024 Updated at Nov 15, 2024

Scan your Python projects for vulnerabilities →

Advisory

A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.

Affected package

vllm

Latest version: 0.6.4.post1

A high-throughput and memory-efficient inference and serving engine for LLMs

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

https://github.com/advisories/GHSA-w2r7-9579-27hf
https://github.com/vllm-project/vllm/issues/7632
https://github.com/vllm-project/vllm/commit/e25fee57c2e69161bd261f5986dc5aeb198bbd42
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8768

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application