2 matches found
Arbitrary Code Injection
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Arbitrary Code Injection via the config class named NemotronNanoVLConfig. An attacker can execute arbitrary code on the host system by publishing a...
Out-of-bounds Write
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Out-of-bounds Write via the todense function in the Completions API endpoint when processing user-supplied prompt embeddings. An attacker can achiev...