CVE-2024-9052

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

10 Apr 2025, 16:15

Type Values Removed Values Added
Summary (en) vllm-project vllm version 0.6.0 contains a vulnerability in the distributed training API. The function vllm.distributed.GroupCoordinator.recv_object() deserializes received object bytes using pickle.loads() without sanitization, leading to a remote code execution vulnerability. (en) Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CWE CWE-502
References
  • {'url': 'https://huntr.com/bounties/ea75728f-4efe-4a3d-9f53-33f2c908e9f8', 'source': 'security@huntr.dev'}
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : unknown

20 Mar 2025, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-03-20 10:15

Updated : 2025-04-10 16:15


NVD link : CVE-2024-9052

Mitre link : CVE-2024-9052

CVE.ORG link : CVE-2024-9052


JSON object : View

Products Affected

No product.

CWE

No CWE.