6 matches found
CVE-2026-25960
vLLM is an inference and serving engine for large language models LLMs. The SSRF protection fix for CVE-2026-24779 add in 0.15.1 can be bypassed in the loadfromurlasync method due to inconsistent URL parsing behavior between the validation layer and the actual HTTP client. The SSRF fix uses...
CVE-2026-25960 SSRF Protection Bypass in vLLM
vLLM is an inference and serving engine for large language models LLMs. The SSRF protection fix for CVE-2026-24779 add in 0.15.1 can be bypassed in the loadfromurlasync method due to inconsistent URL parsing behavior between the validation layer and the actual HTTP client. The SSRF fix uses...
GHSA-V359-JJ2V-J536 vLLM has SSRF Protection Bypass
Summary The SSRF protection fix for https://github.com/vllm-project/vllm/security/advisories/GHSA-qh4c-xf7m-gxfc can be bypassed in the loadfromurlasync method due to inconsistent URL parsing behavior between the validation layer and the actual HTTP client. Affected Component - File:...
PT-2026-24113
vLLM is an inference and serving engine for large language models LLMs. The SSRF protection fix for CVE-2026-24779 add in 0.15.1 can be bypassed in the load from url async method due to inconsistent URL parsing behavior between the validation layer and the actual HTTP client. The SSRF fix uses...
OPENSUSE-SU-2024:12893-1 python310-yarl-1.9.2-1.1 on GA media
These are all security issues fixed in the python310-yarl-1.9.2-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:12742-1 python310-yarl-1.8.2-3.1 on GA media
These are all security issues fixed in the python310-yarl-1.8.2-3.1 package on the GA media of openSUSE Tumbleweed...