Homepage

vllm@0.8.2 vulnerabilities

A high-throughput and memory-efficient inference and serving engine for LLMs

  • latest version

    0.8.2

  • first published

    1 years ago

  • latest version published

    10 days ago

  • licenses detected

  • View vllm package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the vllm package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Deserialization of Untrusted Data

    vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs

    Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the MessageQueue.dequeue() API function. An attacker can execute arbitrary code by sending a malicious payload to the message queue.

    How to fix Deserialization of Untrusted Data?

    There is no fixed version for vllm.

    [0,)
    • C
    Deserialization of Untrusted Data

    vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs

    Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the vllm.distributed.GroupCoordinator.recv_object() function, which uses pickle to deserialize payloads. An attacker can execute arbitrary code by sending malicious data to the distributed training API.

    How to fix Deserialization of Untrusted Data?

    There is no fixed version for vllm.

    [0,)
    • M
    Uncontrolled Resource Consumption ('Resource Exhaustion')

    vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs

    Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via the best_of parameter. An attacker can cause the system to become unresponsive and prevent legitimate users from accessing the service by consuming excessive system resources.

    How to fix Uncontrolled Resource Consumption ('Resource Exhaustion')?

    There is no fixed version for vllm.

    [0,)
    Go back to all versions of this package