Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Remote Code Execution in vllm-project/vllm
Vulnerability Description
vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue() API function. The function uses pickle.loads to parse received sockets directly, leading to a remote code execution vulnerability. An attacker can exploit this by sending a malicious payload to the MessageQueue, causing the victim's machine to execute arbitrary code.
CVSS Information
N/A
Vulnerability Type
可信数据的反序列化
Vulnerability Title
vLLM 代码问题漏洞
Vulnerability Description
vLLM是vLLM开源的一个适用于 LLM 的高吞吐量和内存高效推理和服务引擎。 vLLM v0.6.2版本存在代码问题漏洞,该漏洞源于MessageQueue.dequeue() API函数中的远程代码执行漏洞。
CVSS Information
N/A
Vulnerability Type
N/A