CVE-2024-11041 Remote Code Execution in vllm-project/vllm

vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue API function. The function uses pickle.loads to parse received sockets directly, leading to a remote code execution vulnerability. An attacker can exploit this by sending a malicious payload to the MessageQueue,...

vLLM 代码问题漏洞

vLLM is a vLLM open source high throughput and memory efficient reasoning and serving engine for LLM. A code issue vulnerability exists in vLLM version v0.6.2, which stems from a remote code execution vulnerability in the MessageQueue.dequeue API function...