Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
vLLM denial of service via prompt embeds on M-RoPE models
Vulnerability Description
vLLM is a library for LLM inference and serving. From 0.12.0 to before 0.24.0, sending a pure prompt embeds payload in a /v1/completions request with a model using M-RoPE causes EngineCore to fail an assertion and fatally crash, shutting down the entire server application. Any remote user who is authorized to make a /v1/completions request can make such a request and induce a crash. This issue is fixed in version 0.24.0.
CVSS Information
N/A
Vulnerability Type
可达断言
Vulnerability Title
vLLM 异常处理不当漏洞
Vulnerability Description
vLLM是vLLM团队开源的一个适用于 LLM 的高吞吐量和内存高效推理和服务引擎。 vLLM 0.12.0版本至0.24.0之前版本存在异常处理不当漏洞,该漏洞源于向 /v1/completions 请求中发送纯提示嵌入有效载荷,会导致 EngineCore 断言失败并崩溃,造成远程授权用户可使服务器应用程序关闭。
CVSS Information
N/A
Vulnerability Type
N/A