Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information. Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Remote Code Execution in vllm-project/vllm
Vulnerability Description
vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer() RPC server entrypoints. The core functionality run_server_loop() calls the function _make_handler_coro(), which directly uses cloudpickle.loads() on received messages without any sanitization. This can result in remote code execution by deserializing malicious pickle data.
CVSS Information
N/A
Vulnerability Type
Deserialization of Untrusted Data
Vulnerability Title
vLLM OS Command Injection Vulnerability
Vulnerability Description
vLLM is a high-throughput, memory-efficient inference and serving engine for LLMs, open-sourced by the vLLM project. vLLM version 0.6.0 contains an OS command injection vulnerability, which stems from the AsyncEngineRPCServer function not sanitizing deserialized data and may lead to remote code execution.
CVSS Information
N/A
Vulnerability Type
N/A
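Both descriptions above come down to the same root cause: the RPC server hands bytes received from the network to cloudpickle.loads() (which delegates to the standard pickle machinery), and pickle will resolve and call any importable global named in the stream. The following is an added illustration of the defensive side, not code from vLLM or from the advisory: a restricted unpickler that only resolves an allowlisted set of globals, a wrapper that turns rejection into a loggable result instead of an exception, and a pickletools-based pre-check that lists which globals a message references before anything is loaded. The allowlist contents, the function names and the sample messages are constructed for this example; a real service would list its own message types, and where the protocol can be changed at all, a non-executable format such as JSON is the better fix.

```python
import io
import pickle
import pickletools

# Allowlist of (module, name) pairs the RPC layer is willing to reconstruct.
# Constructed for this example: only plain containers and scalars.
ALLOWED_GLOBALS = {
    ("builtins", "dict"),
    ("builtins", "list"),
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("builtins", "tuple"),
    ("builtins", "str"),
    ("builtins", "int"),
    ("builtins", "float"),
    ("builtins", "bool"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global not on the allowlist.

    Every GLOBAL / STACK_GLOBAL lookup in a pickle stream passes through
    find_class, so this one hook is where untrusted streams are stopped from
    reaching arbitrary importable callables.
    """

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            f"refusing to load global {module}.{name}: not on allowlist"
        )


def restricted_loads(data: bytes):
    """Drop-in replacement for pickle.loads / cloudpickle.loads on untrusted input."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def safe_load(data: bytes):
    """Return (ok, value_or_reason). Never raises on a rejected stream."""
    try:
        return True, restricted_loads(data)
    except pickle.UnpicklingError as exc:
        # In a real server this is the event to log and alert on.
        return False, str(exc)


# Unicode string opcodes whose argument may become a STACK_GLOBAL operand.
_STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}


def referenced_globals(data: bytes):
    """Static pre-check: which (module, name) globals does this stream name?

    Uses pickletools.genops, which disassembles without executing anything.
    The STACK_GLOBAL handling is a heuristic (the two most recent string
    operands), which is exact for streams produced by pickle.dumps itself.
    """
    found = set()
    recent_strings = []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in _STRING_OPS:
            recent_strings.append(arg)
        elif opcode.name == "GLOBAL":            # protocol <= 3: "module name"
            module, name = arg.split(" ", 1)
            found.add((module, name))
        elif opcode.name == "STACK_GLOBAL" and len(recent_strings) >= 2:
            found.add((recent_strings[-2], recent_strings[-1]))
    return found


# Constructed sample messages (not captured traffic).
def example_benign_message() -> bytes:
    """A request-like dict, the kind of payload an RPC layer legitimately carries."""
    return pickle.dumps({"prompt": "hi", "max_tokens": 16})


def example_global_reference() -> bytes:
    """A stream that merely *references* a non-allowlisted class by name.

    Loading it with plain pickle.loads returns the class object; nothing runs.
    It is enough to show that the default unpickler resolves arbitrary globals
    and that the restricted one does not.
    """
    import subprocess
    return pickle.dumps(subprocess.Popen)


if __name__ == "__main__":
    print(safe_load(example_benign_message()))
    print(safe_load(example_global_reference()))
    print(referenced_globals(example_global_reference()))
```

The allowlist approach follows the restriction pattern documented in the Python pickle module; it limits which classes can be instantiated but does not make pickle a safe wire format (a stream can still be crafted to exhaust memory or recursion), so the pre-check and the rejection log are there to give operators visibility, not to replace moving to a data-only encoding.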