vllm@0.5.1 vulnerabilities

A high-throughput and memory-efficient inference and serving engine for LLMs

latest version

0.6.3
first published

a year ago
latest version published

2 days ago
licenses detected
- Apache-2.0
  [0,)
View vllm package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the vllm package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Uncontrolled Resource Consumption ('Resource Exhaustion') vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via the `best_of` parameter. An attacker can cause the system to become unresponsive and prevent legitimate users from accessing the service by consuming excessive system resources. How to fix Uncontrolled Resource Consumption ('Resource Exhaustion')? There is no fixed version for `vllm`.	[0,)
H Improper Validation of Syntactic Correctness of Input vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the `process_model_inputs()` and `process_model_inputs_async()` functions, accessible through the completions API. An attacker can crash the server by sending a request with and empty prompt, if a model that does not prepend any data (such as gpt2) is in use by the server. The crash will only happen if the processed prompt that is passed to these functions is still empty. How to fix Improper Validation of Syntactic Correctness of Input? Upgrade `vllm` to version 0.5.5 or higher.	[,0.5.5)

Uncontrolled Resource Consumption ('Resource Exhaustion')

vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs

Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via the best_of parameter. An attacker can cause the system to become unresponsive and prevent legitimate users from accessing the service by consuming excessive system resources.

How to fix Uncontrolled Resource Consumption ('Resource Exhaustion')?

There is no fixed version for vllm.

[0,)

Improper Validation of Syntactic Correctness of Input

vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs

Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the process_model_inputs() and process_model_inputs_async() functions, accessible through the completions API. An attacker can crash the server by sending a request with and empty prompt, if a model that does not prepend any data (such as gpt2) is in use by the server. The crash will only happen if the processed prompt that is passed to these functions is still empty.

How to fix Improper Validation of Syntactic Correctness of Input?

Upgrade vllm to version 0.5.5 or higher.

[,0.5.5)

Go back to all versions of this package

vllm@0.5.1 vulnerabilities

A high-throughput and memory-efficient inference and serving engine for LLMs

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities