CVE-2024-9052 Information
Mar 21, 2025
cve
Description
vllm-project vllm version 0.6.0 contains a vulnerability in the distributed training API. The function vllm.distributed.GroupCoordinator.recv_object() deserializes received object bytes using pickle.loads() without sanitization, leading to remote code execution.
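The pattern named in the description, next to a restricted loader, as an added example (not vLLM's code and not the project's fix). The names `unsafe_recv`, `safe_recv`, `classify`, the allowlist contents and the size cap are assumptions made for illustration.

```python
import io
import pickle

# Assumption: peers only need plain containers and scalars (which pickle
# encodes without any global lookup) plus this one explicitly listed type.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class AllowlistUnpickler(pickle.Unpickler):
    """Unpickler that refuses to resolve any global not on the allowlist."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def unsafe_recv(payload: bytes):
    # Pattern from the description: received bytes go straight to pickle.loads().
    return pickle.loads(payload)


def safe_recv(payload: bytes, max_bytes: int = 1 << 20):
    # Hypothetical hardened counterpart: size cap plus allowlisted globals.
    if len(payload) > max_bytes:
        raise ValueError("payload exceeds size limit")
    return AllowlistUnpickler(io.BytesIO(payload)).load()


def classify(payload: bytes) -> str:
    """Report whether the restricted loader accepts a received payload."""
    try:
        safe_recv(payload)
        return "accepted"
    except (pickle.UnpicklingError, ValueError) as exc:
        return f"rejected: {exc}"


# Constructed, harmless sample inputs: a plain dict, and a pickle that names a
# callable by module path, the lookup that plain pickle.loads() performs freely.
PLAIN = pickle.dumps({"rank": 1, "shape": [2, 3]})
WITH_GLOBAL = pickle.dumps(len)

if __name__ == "__main__":
    print(classify(PLAIN))        # plain data passes
    print(classify(WITH_GLOBAL))  # global lookup is refused
    print(unsafe_recv(WITH_GLOBAL))  # unrestricted loader resolves it
```

An allowlist only narrows what a pickle stream can reach; a data-only wire format such as JSON avoids the global-lookup mechanism altogether.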
Reference
https://huntr.com/bounties/ea75728f-4efe-4a3d-9f53-33f2c908e9f8