HIGH 7.5
PYSEC-2026-2024
vLLM denial of service vulnerability
상세
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
참고
- https://nvd.nist.gov/vuln/detail/CVE-2024-8768 [ADVISORY]
- https://github.com/vllm-project/vllm/issues/7632 [WEB]
- https://github.com/vllm-project/vllm/pull/7746 [WEB]
- https://github.com/vllm-project/vllm/commit/e25fee57c2e69161bd261f5986dc5aeb198bbd42 [WEB]
- https://access.redhat.com/security/cve/CVE-2024-8768 [WEB]
- https://bugzilla.redhat.com/show_bug.cgi?id=2311895 [WEB]
- https://github.com/vllm-project/vllm [PACKAGE]
- https://pypi.org/project/vllm [PACKAGE]
- https://github.com/advisories/GHSA-w2r7-9579-27hf [ADVISORY]