Deserialization Of Untrusted Data

vLLM is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to insufficient validation of user-supplied serialized tensors during loading, which allows an attacker to craft malicious inputs that trigger out-of-bounds memory writes and crash or compromise the server...