Safety vulnerability ID: 73285
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Improper handling of the `best_of` parameter in the vllm JSON web API used by the `ilab model serve` component can lead to a Denial of Service (DoS) vulnerability. When an attacker sets this parameter to a very large value in an LLM sentence- or chat-completion request, the API fails to enforce timeouts or bound resource consumption. As a result, a single malicious request can consume excessive system resources, rendering the API unresponsive and blocking legitimate users from the service. The root cause is that the API generates and ranks multiple candidate completions in order to return the best one, without safeguards against resource-intensive requests.
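One common server-side mitigation for this class of issue is to validate the `best_of` parameter against a hard limit before the request reaches the inference engine. The sketch below is illustrative only: the limit value and the function and constant names (`MAX_BEST_OF`, `validate_best_of`) are assumptions, not part of vllm's or ilab's actual API.

```python
# Hypothetical request guard: reject oversized `best_of` values before
# they trigger expensive multi-candidate generation. All names here are
# illustrative, not taken from vllm or ilab.

MAX_BEST_OF = 8  # assumed server-side cap on candidate completions


def validate_best_of(params: dict) -> dict:
    """Reject requests whose `best_of` value would exhaust resources."""
    best_of = params.get("best_of", 1)
    if not isinstance(best_of, int) or best_of < 1:
        raise ValueError("best_of must be a positive integer")
    if best_of > MAX_BEST_OF:
        raise ValueError(
            f"best_of={best_of} exceeds server limit of {MAX_BEST_OF}"
        )
    return params


# A request with an enormous best_of is rejected up front instead of
# tying up the serving engine:
try:
    validate_best_of({"prompt": "hello", "best_of": 100000})
except ValueError as exc:
    print(exc)
```

Pairing such input validation with per-request timeouts would address both halves of the weakness described above.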
Latest version: 0.6.4.post1
A high-throughput and memory-efficient inference and serving engine for LLMs