3 matches found
Deserialization of Untrusted Data
Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the makehandlercoro function used by the async RPC server for communication between nodes, which uses pickle fo...
GHSA-6XRF-Q977-5VGC json-pointer vulnerable to Prototype Pollution
A vulnerability, which was classified as critical, has been found in json-pointer up to 0.6.1. Affected by this issue is the function set of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. The attack may be...
PT-2022-28063 · Unknown · Json-Pointer
Name of the Vulnerable Software and Affected Versions: json-pointer versions up to 0.6.1 Description: A critical issue has been found in the function set of the file index.js, leading to improperly controlled modification of object prototype attributes, also known as 'prototype pollution'. This...