Arthur-Stat

#46948 of 53,622
5.4 Total CVSS
Vulnerabilities · 1
PT-2026-30275
5.4
2026-04-03
Vllm · Vllm · CVE-2026-34753
Name of the Vulnerable Software and Affected Versions: vLLM versions 0.16.0 through 0.18.99

Description: vLLM, an inference and serving engine for large language models, contains a server-side request forgery (SSRF) flaw in the `download_bytes_from_url` function. An attacker who can control the batch input JSON can make the vLLM batch runner issue arbitrary HTTP/HTTPS requests from the server, because no URL validation or domain restrictions are applied. The vulnerability resides in `run_batch.py`, specifically in the `download_bytes_from_url` function, which calls `session.get(url)` directly on a URL taken from the batch input JSON. The `file_url` parameter of `BatchTranscriptionRequest` and `BatchTranslationRequest` is the affected input, as it is subject to no domain, IP, or port restrictions. This can be exploited to reach internal services accessible from the vLLM host.

Recommendations: Update to vLLM version 0.19.0 or later.
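As an added illustration of the missing check (example code written for this entry, not vLLM's own code), the validator below shows what a `file_url` value would have to pass before a batch runner fetches it: only http(s) URLs to an operator-configured allowlist of hosts are accepted, and IP literals in loopback, private, link-local or otherwise non-public ranges are refused. The function names, the allowlist and the sample URLs are assumptions.

```python
from __future__ import annotations

import ipaddress
from urllib.parse import urlsplit

# Hypothetical mitigation for an SSRF-prone download helper: the caller
# configures which hosts batch inputs may reference, and everything else
# is rejected before any network request is made.
ALLOWED_SCHEMES = {"http", "https"}


def is_non_public_ip(host: str) -> bool:
    """True if host is an IP literal that does not point at a public address."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # not an IP literal; hostnames are checked against the allowlist
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)


def validate_download_url(url: str, allowed_hosts: set[str]) -> str | None:
    """Return None if url may be fetched, otherwise a human-readable rejection reason.

    Note: a hostname on the allowlist can still resolve to an internal address
    (or change between checks, i.e. DNS rebinding), and HTTP redirects can
    point elsewhere. A complete fix also checks resolved addresses and
    disables or re-validates redirects in the HTTP client.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return f"scheme not allowed: {parts.scheme!r}"
    host = parts.hostname  # lower-cased; IPv6 brackets already stripped
    if not host:
        return "missing host"
    if parts.username or parts.password:
        return "credentials in URL not allowed"
    if is_non_public_ip(host):
        return f"non-public address not allowed: {host}"
    if host not in allowed_hosts:
        return f"host not in allowlist: {host}"
    return None
```

Shorthand IP forms such as `127.1` or decimal-encoded addresses are not parsed by `ipaddress`, which is why the allowlist comparison is the final gate rather than the IP check alone.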