CVE-2024-8768: vLLM denial of service vulnerability
A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service.
References
- access.redhat.com/security/cve/CVE-2024-8768
- bugzilla.redhat.com/show_bug.cgi?id=2311895
- github.com/advisories/GHSA-w2r7-9579-27hf
- github.com/vllm-project/vllm
- github.com/vllm-project/vllm/commit/e25fee57c2e69161bd261f5986dc5aeb198bbd42
- github.com/vllm-project/vllm/issues/7632
- github.com/vllm-project/vllm/pull/7746
- nvd.nist.gov/vuln/detail/CVE-2024-8768
Detect and mitigate CVE-2024-8768 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →