49 matches found
CVE-2024-50050
Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead...
Arbitrary Code Injection
Overview llama-stack is a Llama Stack Affected versions of this package are vulnerable to Arbitrary Code Injection due to using 'eval' on server there is a security risk, a potential code injection vulnerability. Remediation Upgrade llama-stack to version 0.1.5.1 or higher. References - GitHub...
The vulnerability of the recv_pyobj method in the Llama Stack framework, which is used for working with large language models (LLMs), allows a attacker to execute arbitrary code.
The vulnerability of the recvpyobj method in the Llama Stack framework for working with large language models is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted JSON file...
Deserialization of Untrusted Data
Overview llama-stack is a Llama Stack Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the use of pickle as a serialization format for socket communication. An attacker can execute arbitrary code by sending maliciously crafted data that is deserialized...
CVE-2024-50050
Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead...
CVE-2024-50050
Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead...
CVE-2024-50050
CVE-2024-50050 affects the Llama Stack (Meta Llama Stack) prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005, where the Python Inference API used pickle over a socket/ZeroMQ transport for deserialization. This insecure pattern enables remote code execution (RCE) when untrusted data is des...
CVE-2024-50050
Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead...
Llama Stack 安全漏洞
Llama Stack is a model component of the Llama Stack API open-sourced by Meta Llama. A security vulnerability exists in versions prior to Llama Stack 7a8aa775e5a267cf8660d83140011a0b7f91e005, which stems from the use of pickle as a serialization format for socket communication, and could allow...