CVE-2024-11041

vllm-project vLLM version 0.6.2 contains a vulnerability in MessageQueue.dequeue() where pickle.loads is used to parse received sockets, enabling remote code execution if a malicious payload is sent to the MessageQueue. Multiple sources (CVE-2024-11041 entries across OSV, RH Red Hat, GHSA, CHAING...