{"data":{"id":"1e7e651c-cc3f-41c3-9349-854dcebf6c0a","title":"CVE-2024-8939: A vulnerability was found in the ilab model serve component, where improper handling of the best_of parameter in the vllm JSON web API can lead to a Denial of Service (DoS)","summary":"A vulnerability in the ilab model serve component allows attackers to cause a Denial of Service (DoS, where a service becomes unavailable to legitimate users) by sending a large value for the best_of parameter to the vllm JSON web API (a web interface for accessing an LLM). The API doesn't properly manage timeouts or resource limits, so an attacker can exhaust system resources and crash the service.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-8939","publishedAt":"2024-09-17T21:15:11.327Z","cveId":"CVE-2024-8939","cweIds":["CWE-400"],"cvssScore":"6.2","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["ilab","vLLM"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00039,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-125","CAPEC-130"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"inference","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}