Safety vulnerability ID: 76192
The information on this page was manually curated by our Cybersecurity Intelligence Team.
vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer() RPC server entrypoints. The core functionality run_server_loop() calls the function _make_handler_coro(), which directly uses cloudpickle.loads() on received messages without any sanitization. This can result in remote code execution by deserializing malicious pickle data.
Latest version: 0.8.3
A high-throughput and memory-efficient inference and serving engine for LLMs
This vulnerability has no description
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application