Lonelyuan

**Name of the Vulnerable Software and Affected Versions** vLLM versions 0.8.0 through 0.8.4 **Description** The issue concerns a critical performance vulnerability in the input preprocessing logic of the multimodal tokenizer. It is caused by inefficient list concatenation operations, resulting in quadratic time complexity (O(n²)), which allows malicious actors to trigger resource exhaustion via specially crafted inputs. **Recommendations** For versions 0.8.0 through 0.8.4, update to version 0.8.5 to resolve the issue. As a temporary workaround, consider restricting the use of the multimodal tokenizer to minimize the risk of exploitation.