py3.10-vllm-cuda-11.8
Chainguard
0.6.4-r0
Status
Fixed version
0.6.4-r0
Status
Impact
The starlette dependency used in the vLLM project is a transitive dependency brought in through FastAPI. Because FastAPI relies on this older version of starlette, upgrading starlette to mitigate the CVE is not feasible; a fix requires the upstream FastAPI maintainers to update their compatibility with newer versions of starlette (≥0.40.0).
Status