VDB
CVE-2024-9052
CVE-2024-9052
PUBLISHED
vLLM deserialization vulnerability in vllm.distributed.GroupCoordinator.recv_object
EPSS 0.33% · 52.8th percentile
Risk Scores
EPSS Score
0.33%
52.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PyPI | vllm | 0 |
Timeline
- Mar 20, 2025 CVE Published
- Mar 20, 2025 EPSS Score
- Mar 20, 2025 PoC Published
- Mar 20, 2025 PoC Published
- Mar 21, 2025 EPSS Score
- Mar 22, 2025 EPSS Score
- Mar 23, 2025 EPSS Score
- Mar 24, 2025 EPSS Score
- Mar 25, 2025 EPSS Score
- Mar 26, 2025 EPSS Score
- Mar 27, 2025 EPSS Score
- Mar 28, 2025 EPSS Score
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-9052 advisory
- https://github.com/github/advisory-database/pull/5444 url
- https://github.com/vllm-project/vllm package
- https://github.com/vllm-project/vllm/blob/32e7db25365415841ebc7c4215851743fbb1bad1/vllm/distributed/parallel_state.py#L480 url
- https://github.com/vllm-project/vllm/blob/v0.8.1/vllm/distributed/parallel_state.py#L457 url
- https://huntr.com/bounties/ea75728f-4efe-4a3d-9f53-33f2c908e9f8 url