[GHSA-pgr7-mhp5-fgjp] vLLM deserialization vulnerability in vllm.distributed.GroupCoordinator.recv_object #5444
Conversation
There was a problem hiding this comment.
Copilot wasn't able to review any files in this pull request.
Files not reviewed (1)
- advisories/github-reviewed/2025/03/GHSA-pgr7-mhp5-fgjp/GHSA-pgr7-mhp5-fgjp.json: Language not supported
|
Note I didn't mean to change the CVSS (yet, anyway). |
github-actions
bot
changed the base branch from
main
to
russellb/advisory-improvement-5444
|
Hi @russellb, have you contacted Protect AI/Huntr via their CNA email, security@huntr.com? Huntr issued the CVE, and if they aren't aware of the particular circumstances under which exploitation may occur, that's important information for them to have. With respect to vulnerability disclosure and CVEs in general, I noticed that vllm's SECURITY.md was created shortly after https://huntr.com/bounties/ea75728f-4efe-4a3d-9f53-33f2c908e9f8 was reported. 👏 I applaud vllm for having a SECURITY.md and enabling private vulnerability reporting and am glad it's available as a resource for future researchers to report their findings. |
advisory-database
bot
merged commit d9e65cb
into
russellb/advisory-improvement-5444
|
Hi @russellb! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future! |
Thanks for that email address pointer. I've tried multiple times in their discord where they offer platform support, but haven't gotten any responses. |
Updates
Comments
Hello, I'm on the vLLM vulnerability management team. This report came out from before we had the team established to assist with the analysis of reports to ensure they were accurately represented.
This is one that takes an internal API and uses it in an intentionally insecure way. vLLM does NOT do what is described here. The issue described here is not a real cocnern unless you were writing your own code using vllm as a library and using internal APIs in a way that vLLM does NOT use them.
We do have a goal of reducing our usage of pickle as much as possible for security reasons. I would consider this report a weakness, but not a vulnerability.