Security Advisories

CGA-c99r-75mh-jxcm

Published

Last updated

https://images.chainguard.dev/security/CGA-c99r-75mh-jxcm
Package

py3-vllm-cuda-12.4

Repository

Chainguard

Latest Update
Pending upstream fix
Aliases
  • CVE-2025-48924
  • GHSA-j288-q9x7-2f5v

Severity

Unknown

References

  • https://nvd.nist.gov/vuln/detail/CVE-2025-48924

Updates

Status

Pending upstream fix

Impact

The commons-lang3 3.13.0 vulnerability exists in bundled/shaded JARs within Ray's distribution, and these JARs cannot be updated through vLLM's build process. The affected file is /usr/lib/python3.12/site-packages/ray/jars/ray_dist.jar, which bundles commons-lang3 3.13.0. Remediation requires an upstream Ray release with commons-lang3 updated to 3.18.0. Ray 2.47.1 (latest as of June 2025) still uses the vulnerable version 3.13.0.
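To confirm which commons-lang3 version a given image actually carries, the following added example (not Chainguard's or Ray's own tooling) reads the Maven metadata inside a jar and compares it with the fixed release named above. It assumes the bundled jar still contains the `META-INF/maven/.../pom.properties` entry for commons-lang3; the function names and the sample jar are constructed for illustration.

```python
import io
import re
import zipfile

# Maven metadata entry that bundling usually carries along (assumption: the jar keeps it).
POM_PROPS = re.compile(r"^META-INF/maven/([^/]+)/([^/]+)/pom\.properties$")


def bundled_versions(jar, artifact="commons-lang3"):
    """Return sorted (groupId, version) pairs recorded for `artifact` in a jar.

    `jar` is a path or a binary file object; nested jars are searched too.
    """
    found = set()
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            m = POM_PROPS.match(name)
            if m and m.group(2) == artifact:
                text = zf.read(name).decode("utf-8", "replace")
                props = dict(
                    line.split("=", 1)
                    for line in text.splitlines()
                    if "=" in line and not line.startswith("#")
                )
                found.add((m.group(1), props.get("version", "unknown").strip()))
            elif name.endswith(".jar"):
                found.update(bundled_versions(io.BytesIO(zf.read(name)), artifact))
    return sorted(found)


def version_tuple(version):
    """Turn '3.13.0' into (3, 13, 0); an unparseable version becomes ()."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def needs_update(jar, fixed="3.18.0"):
    """True when any bundled copy is older than the fixed release (or unparseable)."""
    return any(version_tuple(v) < version_tuple(fixed) for _, v in bundled_versions(jar))


def make_sample_jar(version):
    """Constructed input: an in-memory jar holding only the Maven metadata entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(
            "META-INF/maven/org.apache.commons/commons-lang3/pom.properties",
            f"#Generated\nartifactId=commons-lang3\ngroupId=org.apache.commons\nversion={version}\n",
        )
    return buf
```

Inside the image, call `needs_update("/usr/lib/python3.12/site-packages/ray/jars/ray_dist.jar")`; an empty result from `bundled_versions` means the metadata entry is absent, not that the library is absent.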

Status

Under investigation
