Security Advisory

CVE-2024-11041

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-20 10:10:40

Last updated 2025-03-20 18:18:48

Assigner @huntr_ai

State PUBLISHED

Description

vllm-project vllm version v0.6.2 contains a vulnerability in the MessageQueue.dequeue() API function. The function uses pickle.loads to parse received sockets directly, leading to a remote code execution vulnerability. An attacker can exploit this by sending a malicious payload to the MessageQueue, causing the victims machine to execute arbitrary code.

← Browse all CVEs View on cve.org ↗