Vllm-Project Vllm vulnerabilities
2 known vulnerabilities affecting vllm-project/vllm-project_vllm.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2024-9053CRITICALCVSS 9.8≥ unspecified, ≤ latest2025-03-20
CVE-2024-9053 [CRITICAL] CWE-502 CVE-2024-9053: vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer() RPC server en
vllm-project vllm version 0.6.0 contains a vulnerability in the AsyncEngineRPCServer() RPC server entrypoints. The core functionality run_server_loop() calls the function _make_handler_coro(), which directly uses cloudpickle.loads() on received messages without any sanitization. This can result in remote code execution by deserializing malicious pic
nvd
CVE-2024-11041CRITICALCVSS 9.8≥ unspecified, ≤ latest2025-03-20
CVE-2024-11041 [CRITICAL] CWE-502 CVE-2024-11041: vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue() API function
vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue() API function. The function uses pickle.loads to parse received sockets directly, leading to a remote code execution vulnerability. An attacker can exploit this by sending a malicious payload to the MessageQueue, causing the victim's machine to execute arbitrary
nvd