Common Weakness Enumeration

CWE-704

Allowed-with-Review

Incorrect Type Conversion or Cast

Abstraction: Class · Status: Incomplete

The product does not correctly convert an object, resource, or structure from one type to a different type.

334 vulnerabilities reference this CWE, most recent first.

GHSA-72XJ-C9F2-V6RH

Vulnerability from github – Published: 2024-04-01 15:30 – Updated: 2024-04-01 15:30
VLAI
Details

Transient DOS while processing DL NAS TRANSPORT message with payload length 0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33101"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-01T15:15:47Z",
    "severity": "HIGH"
  },
  "details": "Transient DOS while processing DL NAS TRANSPORT message with payload length 0.",
  "id": "GHSA-72xj-c9f2-v6rh",
  "modified": "2024-04-01T15:30:29Z",
  "published": "2024-04-01T15:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33101"
    },
    {
      "type": "WEB",
      "url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-75VM-6W67-GWVP

Vulnerability from github – Published: 2026-07-06 20:50 – Updated: 2026-07-06 20:50
VLAI
Summary
Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking
Details

Summary

Coder's OIDC callback checked email_verified with a direct Go bool type assertion. When an IdP returned the claim as a non-boolean (for example the string "false") or omitted it, the assertion failed open and the email was treated as verified. Combined with an unconditional email-based account fallback, this enabled account takeover.

Impact

An attacker who registered a victim's email at a compatible IdP without verifying it could log in via OIDC and be matched to the victim's existing Coder account, receiving a session for that account. No prior authentication to Coder was required and the result was full account takeover.

Patches

The fix coerces email_verified across bool, string and numeric types (fail-closed) and blocks the email fallback when the matched user already has a different linked IdP subject.

The fix was backported to all supported release lines:

Release line Patched version
2.34 v2.34.2
2.33 v2.33.8
2.32 v2.32.7
2.29 (ESR) v2.29.17

Workarounds

Ensure the IdP returns email_verified as a native JSON boolean. The email-fallback linking issue has no configuration workaround; upgrading is required.

Resources

  • Fix: #25712, #25713

Credits

Coder would like to thank Anthropic's Security Team (ANT-2026-22444) for independently disclosing this issue!

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/coder/coder/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.34.0"
            },
            {
              "fixed": "2.34.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/coder/coder/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.33.0"
            },
            {
              "fixed": "2.33.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/coder/coder/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.30.0"
            },
            {
              "fixed": "2.32.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/coder/coder/v2"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.29.17"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-55076"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-704"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-06T20:50:35Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\n\nCoder\u0027s OIDC callback checked `email_verified` with a direct Go `bool` type assertion. When an IdP returned the claim as a non-boolean (for example the string `\"false\"`) or omitted it, the assertion failed open and the email was treated as verified. Combined with an unconditional email-based account fallback, this enabled account takeover.\n\n### Impact\n\nAn attacker who registered a victim\u0027s email at a compatible IdP without verifying it could log in via OIDC and be matched to the victim\u0027s existing Coder account, receiving a session for that account. No prior authentication to Coder was required and the result was full account takeover.\n\n### Patches\n\nThe fix coerces `email_verified` across bool, string and numeric types (fail-closed) and blocks the email fallback when the matched user already has a different linked IdP subject.\n\nThe fix was backported to all supported release lines:\n\n| Release line | Patched version |\n|---|---|\n| 2.34 | [v2.34.2](https://github.com/coder/coder/releases/tag/v2.34.2) |\n| 2.33 | [v2.33.8](https://github.com/coder/coder/releases/tag/v2.33.8) |\n| 2.32 | [v2.32.7](https://github.com/coder/coder/releases/tag/v2.32.7) |\n| 2.29 (ESR) | [v2.29.17](https://github.com/coder/coder/releases/tag/v2.29.17) |\n\n### Workarounds\n\nEnsure the IdP returns `email_verified` as a native JSON boolean. The email-fallback linking issue has no configuration workaround; upgrading is required.\n\n### Resources\n\n- Fix: #25712, #25713\n\n### Credits\n\nCoder would like to thank Anthropic\u0027s Security Team (ANT-2026-22444) for independently disclosing this issue!",
  "id": "GHSA-75vm-6w67-gwvp",
  "modified": "2026-07-06T20:50:35Z",
  "published": "2026-07-06T20:50:35Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/coder/coder/security/advisories/GHSA-75vm-6w67-gwvp"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/coder/coder"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Coder\u0027s OIDC email_verified type coercion bypass enables account takeover via unverified email linking"
}

GHSA-7763-G9RG-H2Q4

Vulnerability from github – Published: 2022-05-14 02:19 – Updated: 2022-05-14 02:19
VLAI
Details

Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-15413"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-08-28T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "Type confusion in WebAssembly in V8 in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
  "id": "GHSA-7763-g9rg-h2q4",
  "modified": "2022-05-14T02:19:18Z",
  "published": "2022-05-14T02:19:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15413"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:3401"
    },
    {
      "type": "WEB",
      "url": "https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html"
    },
    {
      "type": "WEB",
      "url": "https://crbug.com/766666"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201801-03"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2017/dsa-4064"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-778Q-J98C-H63P

Vulnerability from github – Published: 2025-01-16 18:31 – Updated: 2025-01-16 18:31
VLAI
Details

Mattermost Mobile versions <= 2.22.0 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the mobile via crafted malicious input.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20072"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-16T18:15:28Z",
    "severity": "MODERATE"
  },
  "details": "Mattermost Mobile versions \u003c= 2.22.0 fail to properly validate the style of proto supplied to an action\u0027s style in post.props.attachments, which allows an attacker to crash the mobile via crafted malicious input.",
  "id": "GHSA-778q-j98c-h63p",
  "modified": "2025-01-16T18:31:00Z",
  "published": "2025-01-16T18:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20072"
    },
    {
      "type": "WEB",
      "url": "https://mattermost.com/security-updates"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-77V3-JWWQ-RC2M

Vulnerability from github – Published: 2022-05-14 03:19 – Updated: 2022-05-14 03:19
VLAI
Details

An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when rendering U3D images inside of pdf files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-7407"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-05-24T21:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when rendering U3D images inside of pdf files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process.",
  "id": "GHSA-77v3-jwwq-rc2m",
  "modified": "2022-05-14T03:19:54Z",
  "published": "2022-05-14T03:19:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7407"
    },
    {
      "type": "WEB",
      "url": "https://srcincite.io/advisories/src-2018-0018"
    },
    {
      "type": "WEB",
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104300"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7GCV-76G2-94QM

Vulnerability from github – Published: 2025-10-16 18:30 – Updated: 2025-10-29 21:30
VLAI
Details

A type confusion vulnerability exists in the handling of the string addition (+) operation within the QuickJS engine.

  • The code first checks if the left-hand operand is a string.

  • It then attempts to convert the right-hand operand to a primitive value using JS_ToPrimitiveFree. This conversion can trigger a callback (e.g., toString or valueOf).

  • During this callback, an attacker can modify the type of the left-hand operand in memory, changing it from a string to a different type (e.g., an object or an array).

  • The code then proceeds to call JS_ConcatStringInPlace, which still treats the modified left-hand value as a string.

This mismatch between the assumed type (string) and the actual type allows an attacker to control the data structure being processed by the concatenation logic, resulting in a type confusion condition. This can lead to out-of-bounds memory access, potentially resulting in memory corruption and arbitrary code execution in the context of the QuickJS runtime.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-62494"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-10-16T16:15:39Z",
    "severity": "HIGH"
  },
  "details": "A type confusion vulnerability exists in the handling of the string addition (+) operation within the QuickJS engine.\n\n  *  The code first checks if the left-hand operand is a string.\n\n\n  *  It then attempts to convert the right-hand operand to a primitive value using JS_ToPrimitiveFree. This conversion can trigger a callback (e.g., toString or valueOf).\n\n\n  *  During this callback, an attacker can modify the type of the left-hand operand in memory, changing it from a string to a different type (e.g., an object or an array).\n\n\n  *  The code then proceeds to call JS_ConcatStringInPlace, which still treats the modified left-hand value as a string.\n\n\nThis mismatch between the assumed type (string) and the actual type allows an attacker to control the data structure being processed by the concatenation logic, resulting in a type confusion condition. This can lead to out-of-bounds memory access, potentially resulting in memory corruption and arbitrary code execution in the context of the QuickJS runtime.",
  "id": "GHSA-7gcv-76g2-94qm",
  "modified": "2025-10-29T21:30:32Z",
  "published": "2025-10-16T18:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62494"
    },
    {
      "type": "WEB",
      "url": "https://bellard.org/quickjs/Changelog"
    },
    {
      "type": "WEB",
      "url": "https://issuetracker.google.com/434193023"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:P/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-7H8W-XX2F-HMR7

Vulnerability from github – Published: 2022-05-17 00:53 – Updated: 2025-04-20 03:37
VLAI
Details

readelf.c in GNU Binutils 2017-04-12 has a "cannot be represented in type long" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-9042"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-18T01:29:00Z",
    "severity": "HIGH"
  },
  "details": "readelf.c in GNU Binutils 2017-04-12 has a \"cannot be represented in type long\" issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file.",
  "id": "GHSA-7h8w-xx2f-hmr7",
  "modified": "2025-04-20T03:37:48Z",
  "published": "2022-05-17T00:53:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9042"
    },
    {
      "type": "WEB",
      "url": "https://blogs.gentoo.org/ago/2017/05/12/binutils-multiple-crashes"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201709-02"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf"
    },
    {
      "type": "WEB",
      "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7MFQ-6G2M-F3GM

Vulnerability from github – Published: 2023-08-08 12:30 – Updated: 2024-04-04 06:38
VLAI
Details

Memory corruption in Trusted Execution Environment while calling service API with invalid address.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-21627"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-704"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-08T10:15:13Z",
    "severity": "HIGH"
  },
  "details": "Memory corruption in Trusted Execution Environment while calling service API with invalid address.",
  "id": "GHSA-7mfq-6g2m-f3gm",
  "modified": "2024-04-04T06:38:04Z",
  "published": "2023-08-08T12:30:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21627"
    },
    {
      "type": "WEB",
      "url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-83VM-P52W-F9PW

Vulnerability from github – Published: 2026-05-06 21:45 – Updated: 2026-06-08 19:52
VLAI
Summary
vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters
Details

Summary

The extract_hidden_states speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a RuntimeError that crashes the EngineCore process. The crash is triggered when any request in the batch uses sampling penalty parameters (repetition_penalty, frequency_penalty, or presence_penalty).

A single request with a penalty parameter (e.g., "repetition_penalty": 1.1) is sufficient to crash the server. The crash is deterministic and immediate — no concurrency, race condition, or special workload is required.

Details

In vLLM v0.17.0, the extract_hidden_states proposer's propose() method returned sampled_token_ids.unsqueeze(-1), producing a tensor of shape (batch_size, 1).

In PR #37013 (first released in v0.18.0), the KV connector interface was refactored out of propose(). The return type changed from tuple[Tensor, KVConnectorOutput | None] to Tensor, and the .unsqueeze(-1) call was removed along with the KV connector output:

# Before (v0.17.0):
return sampled_token_ids.unsqueeze(-1), kv_connector_output  # shape (batch_size, 1)

# After (v0.18.0+):
return sampled_token_ids  # shape (batch_size, 2) after first decode step

The refactor missed that sampled_token_ids changed semantics between the first and subsequent decode steps. After the first decode step, the rejection sampler allocates its output as (batch_size, max_spec_len + 1). With num_speculative_tokens=1, this produces shape (batch_size, 2) instead of the expected (batch_size, 1), causing a broadcast shape mismatch during penalty application.

Impact

Any vLLM deployment between v0.18.0 and v0.19.1 (inclusive) configured with extract_hidden_states speculative decoding is affected. A single API request containing any penalty parameter immediately and permanently crashes the EngineCore process, resulting in complete loss of service availability.

Patches

Fixed in PR #38610, first included in vLLM v0.20.0. The fix slices the return value to sampled_token_ids[:, :1], ensuring the correct (batch_size, 1) shape regardless of the rejection sampler's output dimensions.

Workarounds

  • Upgrade to vLLM v0.20.0 or later.
  • If upgrading is not possible, avoid using extract_hidden_states as the speculative decoding method on affected versions.
  • Alternatively, reject or strip penalty parameters (repetition_penalty, frequency_penalty, presence_penalty) from incoming requests at an API gateway before they reach vLLM.
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "vllm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.18.0"
            },
            {
              "fixed": "0.20.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44223"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-131",
      "CWE-704"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-06T21:45:51Z",
    "nvd_published_at": "2026-05-12T20:16:43Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\n\nThe `extract_hidden_states` speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a `RuntimeError` that crashes the EngineCore process. The crash is triggered when any request in the batch uses sampling penalty parameters (`repetition_penalty`, `frequency_penalty`, or `presence_penalty`).\n\nA single request with a penalty parameter (e.g., `\"repetition_penalty\": 1.1`) is sufficient to crash the server. The crash is deterministic and immediate \u2014 no concurrency, race condition, or special workload is required.\n\n### Details\n\nIn vLLM v0.17.0, the `extract_hidden_states` proposer\u0027s `propose()` method returned `sampled_token_ids.unsqueeze(-1)`, producing a tensor of shape `(batch_size, 1)`.\n\nIn [PR #37013](https://github.com/vllm-project/vllm/pull/37013) (first released in v0.18.0), the KV connector interface was refactored out of `propose()`. The return type changed from `tuple[Tensor, KVConnectorOutput | None]` to `Tensor`, and the `.unsqueeze(-1)` call was removed along with the KV connector output:\n\n```python\n# Before (v0.17.0):\nreturn sampled_token_ids.unsqueeze(-1), kv_connector_output  # shape (batch_size, 1)\n\n# After (v0.18.0+):\nreturn sampled_token_ids  # shape (batch_size, 2) after first decode step\n```\n\nThe refactor missed that `sampled_token_ids` changed semantics between the first and subsequent decode steps. After the first decode step, the rejection sampler allocates its output as `(batch_size, max_spec_len + 1)`. With `num_speculative_tokens=1`, this produces shape `(batch_size, 2)` instead of the expected `(batch_size, 1)`, causing a broadcast shape mismatch during penalty application.\n\n### Impact\n\nAny vLLM deployment between v0.18.0 and v0.19.1 (inclusive) configured with `extract_hidden_states` speculative decoding is affected. A single API request containing any penalty parameter immediately and permanently crashes the EngineCore process, resulting in complete loss of service availability.\n\n### Patches\n\nFixed in [PR #38610](https://github.com/vllm-project/vllm/pull/38610), first included in vLLM v0.20.0. The fix slices the return value to `sampled_token_ids[:, :1]`, ensuring the correct `(batch_size, 1)` shape regardless of the rejection sampler\u0027s output dimensions.\n\n### Workarounds\n\n- Upgrade to vLLM v0.20.0 or later.\n- If upgrading is not possible, avoid using `extract_hidden_states` as the speculative decoding method on affected versions.\n- Alternatively, reject or strip penalty parameters (`repetition_penalty`, `frequency_penalty`, `presence_penalty`) from incoming requests at an API gateway before they reach vLLM.",
  "id": "GHSA-83vm-p52w-f9pw",
  "modified": "2026-06-08T19:52:35Z",
  "published": "2026-05-06T21:45:51Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-83vm-p52w-f9pw"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44223"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vllm-project/vllm/pull/38610"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/vllm/PYSEC-2026-145.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/vllm-project/vllm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "vLLM: extract_hidden_states speculative decoding crashes server on any request with penalty parameters"
}

GHSA-8697-479H-5MFP

Vulnerability from github – Published: 2023-08-22 18:03 – Updated: 2023-08-24 21:49
VLAI
Summary
Weaviate denial of service vulnerability
Details

Impact

This vulnerability is a type conversion issue that affects users of Weaviate Server versions 1.20.0 and earlier. Who is impacted: Users of Weaviate Server versions 1.20.0 and earlier are impacted by this vulnerability.

Patches

A patch has been developed for this vulnerability. Patch releases 1.20.6, 1.19.13, and 1.18.6 are fixing this vulnerability in each respective minor version release. Users are strongly recommended to upgrade to one of these patched versions to address the vulnerability. Keeping software up-to-date is crucial to avoid security vulnerabilities.

Workarounds

There are no known workarounds to fix or remediate this vulnerability without upgrading. Users must upgrade to a patched version to mitigate the risk.

References

  • https://github.com/weaviate/weaviate/releases/tag/v1.18.6
  • https://github.com/weaviate/weaviate/releases/tag/v1.19.13
  • https://github.com/weaviate/weaviate/releases/tag/v1.20.6
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/weaviate/weaviate"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.20.0"
            },
            {
              "fixed": "1.20.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/weaviate/weaviate"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.19.0"
            },
            {
              "fixed": "1.19.13"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/weaviate/weaviate"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.18.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-38976"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-704"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-22T18:03:13Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Impact\nThis vulnerability is a type conversion issue that affects users of Weaviate Server versions 1.20.0 and earlier.\nWho is impacted: Users of Weaviate Server versions 1.20.0 and earlier are impacted by this vulnerability.\n\n### Patches\nA patch has been developed for this vulnerability.\nPatch releases 1.20.6, 1.19.13, and 1.18.6 are fixing this vulnerability in each respective minor version release.\nUsers are strongly recommended to upgrade to one of these patched versions to address the vulnerability.\nKeeping software up-to-date is crucial to avoid security vulnerabilities.\n\n### Workarounds\nThere are no known workarounds to fix or remediate this vulnerability without upgrading.\nUsers must upgrade to a patched version to mitigate the risk.\n\n### References \n* https://github.com/weaviate/weaviate/releases/tag/v1.18.6\n* https://github.com/weaviate/weaviate/releases/tag/v1.19.13\n* https://github.com/weaviate/weaviate/releases/tag/v1.20.6\n",
  "id": "GHSA-8697-479h-5mfp",
  "modified": "2023-08-24T21:49:43Z",
  "published": "2023-08-22T18:03:13Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/weaviate/weaviate/security/advisories/GHSA-8697-479h-5mfp"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38976"
    },
    {
      "type": "WEB",
      "url": "https://github.com/weaviate/weaviate/issues/3258"
    },
    {
      "type": "WEB",
      "url": "https://github.com/weaviate/weaviate/pull/3431"
    },
    {
      "type": "WEB",
      "url": "https://github.com/weaviate/weaviate/commit/2a7b208d9aca07e28969e3be82689c184ccf9118"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/weaviate/weaviate"
    },
    {
      "type": "WEB",
      "url": "https://github.com/weaviate/weaviate/releases/tag/v1.18.6"
    },
    {
      "type": "WEB",
      "url": "https://github.com/weaviate/weaviate/releases/tag/v1.19.13"
    },
    {
      "type": "WEB",
      "url": "https://github.com/weaviate/weaviate/releases/tag/v1.20.6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Weaviate denial of service vulnerability"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.