Vllm · Vllm · CVE-2025-48942
**Name of the Vulnerable Software and Affected Versions**
vLLM versions 0.8.0 through 0.9.0
**Description**
The issue arises when the `/v1/completions` API endpoint receives an invalid JSON schema as a guided-decoding parameter, causing the vLLM server to crash. This is similar to a previously known issue but concerns regex instead of a JSON schema. The problem is triggered by an invalid JSON schema in the `guided json` parameter of the API call; for example, passing `{"properties":{"reason":{"type": "stsring"}}}` as `guided json` provokes the error. No estimate of the number of potentially affected deployments is provided.
Technical details about exploitation include:
- **API Endpoint:** `/v1/completions`
- **Vulnerable Parameter:** `guided json`
- The error occurs because the JSON schema supplied in the `guided json` parameter is invalid, here because of a typo in the type definition (`"stsring"` instead of `"string"`); the server fails while processing the schema instead of rejecting the request.
**Recommendations**
Deployments running versions 0.8.0 through 0.9.0 should update to version 0.9.0 or later, which fixes the issue. As a temporary workaround, validate the JSON schema in the `guided json` parameter before it reaches the `/v1/completions` API endpoint so that a malformed schema cannot crash the server, and restrict access to the `/v1/completions` API endpoint until the update can be applied.
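A gateway-side pre-check of the kind the workaround describes, as an added example (not vLLM's own code): it walks the schema for malformed `type` values and similar structural faults and answers 400 instead of forwarding the request to `/v1/completions`. The field name `guided_json` is vLLM's request parameter (written `guided json` on this page); the request bodies are constructed samples, and the checker covers only a subset of JSON Schema.

```python
import json

# JSON Schema primitive type names; anything else (e.g. "stsring") is invalid.
VALID_TYPES = {"string", "number", "integer", "boolean", "object", "array", "null"}

def schema_errors(schema, path="$"):
    """Return 'path: message' strings for structural faults in a (subset of)
    JSON Schema; an empty list means the schema is structurally sound."""
    if isinstance(schema, bool):  # true / false are valid schemas
        return []
    if not isinstance(schema, dict):
        return [f"{path}: schema must be an object or boolean"]
    errors = []
    types = schema.get("type", [])
    for t in types if isinstance(types, list) else [types]:
        if not isinstance(t, str) or t not in VALID_TYPES:
            errors.append(f"{path}.type: unknown type {t!r}")
    props = schema.get("properties")
    if props is not None and not isinstance(props, dict):
        errors.append(f"{path}.properties: must be an object")
    elif props:
        for name, sub in props.items():
            errors.extend(schema_errors(sub, f"{path}.properties.{name}"))
    if "items" in schema:  # array element schema is checked recursively too
        errors.extend(schema_errors(schema["items"], f"{path}.items"))
    return errors

def screen_completion_request(body):
    """Gatekeeper for a /v1/completions body: answer 400 for a malformed
    guided_json instead of forwarding the request to the vLLM server."""
    guided = body.get("guided_json")
    if guided is None:
        return {"status": 200, "action": "forward"}
    if isinstance(guided, str):  # the schema may also arrive as a JSON string
        try:
            guided = json.loads(guided)
        except json.JSONDecodeError as exc:
            return {"status": 400, "errors": [f"guided_json: not valid JSON ({exc.msg})"]}
    errors = schema_errors(guided)
    if errors:
        return {"status": 400, "errors": errors}
    return {"status": 200, "action": "forward"}

# Constructed sample bodies: the advisory's malformed schema and a corrected one.
BAD_REQUEST = {"model": "example-model", "prompt": "Why?",
               "guided_json": {"properties": {"reason": {"type": "stsring"}}}}
GOOD_REQUEST = {"model": "example-model", "prompt": "Why?",
                "guided_json": {"type": "object", "properties": {"reason": {"type": "string"}}}}
if __name__ == "__main__":
    print(screen_completion_request(BAD_REQUEST))   # status 400, points at $.properties.reason.type
    print(screen_completion_request(GOOD_REQUEST))  # status 200, forward
```

In production the hand-written walker would be replaced by a full meta-schema check (for example `jsonschema.Draft202012Validator.check_schema`), but the placement is the point: the request is rejected before it reaches the vulnerable server.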