9 matches found
EUVD-2025-6874
Malicious code in bioql PyPI...
Remote Code Execution (RCE)
vllm is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe deserialization due to the AsyncEngineRPCServer using cloudpickle.loads on received messages without sanitization, allowing an attacker to execute arbitrary code by sending malicious pickle data...
CVE-2024-9053
A flaw was found in the vLLM AsyncEngineRPCServer. This vulnerability allows remote code execution via deserialization of untrusted data. Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising eas...
GHSA-CJ47-QJ6G-X7R4 vLLM allows Remote Code Execution by Pickle Deserialization via AsyncEngineRPCServer() RPC server entrypoints
vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer RPC server entrypoints. The core functionality runserverloop calls the function makehandlercoro, which directly uses cloudpickle.loads on received messages without any sanitization. This can result in remote code...
vLLM allows Remote Code Execution by Pickle Deserialization via AsyncEngineRPCServer() RPC server entrypoints
vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer RPC server entrypoints. The core functionality runserverloop calls the function makehandlercoro, which directly uses cloudpickle.loads on received messages without any sanitization. This can result in remote code...
PYSEC-2025-222
vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer RPC server entrypoints. The core functionality runserverloop calls the function makehandlercoro, which directly uses cloudpickle.loads on received messages without any sanitization. This can result in remote code...
PYSEC-2025-222
vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer RPC server entrypoints. The core functionality runserverloop calls the function makehandlercoro, which directly uses cloudpickle.loads on received messages without any sanitization. This can result in remote code...
CVE-2024-9053
vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer RPC server entrypoints. The core functionality runserverloop calls the function makehandlercoro, which directly uses cloudpickle.loads on received messages without any sanitization. This can result in remote code...
vLLM 操作系统命令注入漏洞
vLLM is a vLLM open source high throughput and memory efficient inference and service engine for LLM. An operating system command injection vulnerability exists in vLLM version 0.6.0, which stems from a failure to clean up deserialized data in the AsyncEngineRPCServer function, which could lead t...