HIGH 7.5

GHSA-w2r7-9579-27hf

vLLM denial of service vulnerability

Details

A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / vllm

Introduced in: 0 Fixed in: 0.5.5

Fix pip install --upgrade 'vllm>=0.5.5'

References

https://nvd.nist.gov/vuln/detail/CVE-2024-8768 [ADVISORY]
https://github.com/vllm-project/vllm/issues/7632 [WEB]
https://github.com/vllm-project/vllm/pull/7746 [WEB]
https://github.com/vllm-project/vllm/commit/e25fee57c2e69161bd261f5986dc5aeb198bbd42 [WEB]
https://access.redhat.com/security/cve/CVE-2024-8768 [WEB]
https://bugzilla.redhat.com/show_bug.cgi?id=2311895 [WEB]
https://github.com/vllm-project/vllm [PACKAGE]