
11 matches found

ATTACKERKB
added 2026/05/13 9:36 p.m. | 4 views

CVE-2026-44471

gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. During checkout, all symlink index entries...

7.8 CVSS | 5.8 AI score | 0.00006 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-7450

Malicious code in bioql PyPI...

2.6 CVSS | 4 AI score | 0.00129 EPSS
Exploits: 0 | References: 7
Github Security Blog
added 2025/05/28 6:2 p.m. | 9 views

Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching

This issue arises from the prefix caching mechanism, which may expose the system to a timing side-channel attack. Description: When a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT Time to First...

2.6 CVSS | 6.5 AI score | 0.00177 EPSS
Exploits: 0 | References: 6 | Affected Software: 1
OSV
added 2025/05/28 6:2 p.m. | 2 views

GHSA-4QJH-9FV9-R85R Potential Timing Side-Channel Vulnerability in vLLM’s Chunk-Based Prefix Caching

This issue arises from the prefix caching mechanism, which may expose the system to a timing side-channel attack. Description: When a new prompt is processed, if the PageAttention mechanism finds a matching prefix chunk, the prefill process speeds up, which is reflected in the TTFT Time to First...

2.6 CVSS | 6.9 AI score | 0.00177 EPSS
Exploits: 0 | References: 6
RedhatCVE
added 2025/03/06 9:2 p.m. | 10 views

CVE-2025-1953

A vulnerability has been found in vLLM AIBrix 0.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file pkg/plugins/gateway/prefixcacheindexer/hash.go of the component Prefix Caching. The manipulation leads to insufficiently random values. The...

2.6 CVSS | 7.1 AI score | 0.00129 EPSS
Exploits: 0 | References: 1
NVD
added 2025/03/04 8:15 p.m. | 2 views

CVE-2025-1953

A vulnerability has been found in vLLM AIBrix 0.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file pkg/plugins/gateway/prefixcacheindexer/hash.go of the component Prefix Caching. The manipulation leads to insufficiently random values. The...

2.6 CVSS | 0.00129 EPSS
Exploits: 0 | References: 7
OSV
added 2025/03/04 8:15 p.m. | 0 views

CVE-2025-1953

A vulnerability has been found in vLLM AIBrix 0.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file pkg/plugins/gateway/prefixcacheindexer/hash.go of the component Prefix Caching. The manipulation leads to insufficiently random values. The...

2.1 CVSS | 4.2 AI score | 0.00129 EPSS
Exploits: 0 | References: 7
CVE
added 2025/03/04 8:0 p.m. | 48 views

CVE-2025-1953

CVE-2025-1953 affects vLLM AIBrix 0.2.0. The issue resides in the Prefix Caching component, specifically file pkg/plugins/gateway/prefixcacheindexer/hash.go, where manipulation leads to insufficiently random values. Public documents describe the vulnerability as having a high attack complexity an...

2.6 CVSS | 6.9 AI score | 0.00129 EPSS
Exploits: 0 | References: 7
Vulnrichment
added 2025/03/04 8:0 p.m. | 4 views

CVE-2025-1953 vLLM AIBrix Prefix Caching hash.go random values

A vulnerability has been found in vLLM AIBrix 0.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file pkg/plugins/gateway/prefixcacheindexer/hash.go of the component Prefix Caching. The manipulation leads to insufficiently random values. The...

2.6 CVSS | 4.2 AI score | 0.00129 EPSS
Exploits: 0 | References: 7
Cvelist
added 2025/03/04 8:0 p.m. | 7 views

CVE-2025-1953 vLLM AIBrix Prefix Caching hash.go random values

A vulnerability has been found in vLLM AIBrix 0.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file pkg/plugins/gateway/prefixcacheindexer/hash.go of the component Prefix Caching. The manipulation leads to insufficiently random values. The...

2.6 CVSS | 0.00129 EPSS
Exploits: 0 | References: 7
Veracode
added 2025/02/11 9:48 a.m. | 6 views

Cache Poisoning

vLLM is vulnerable to Cache Poisoning. The vulnerability stems from hash collisions caused by the use of Python's built-in hash function for prefix caching, which makes hash(None) a predictable constant value, allowing an attacker to intentionally populate the cache with colliding prompts and interfere...

2.6 CVSS | 3.6 AI score | 0.00323 EPSS
Exploits: 0 | References: 8 | Affected Software: 1