Lucene search
K

49 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 10:42 a.m.20 views

CVE-2024-50050

Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead...

6.3CVSS7.8AI score0.00886EPSS
Exploits1References1
Snyk
Snyk
added 2025/04/01 6:30 a.m.3 views

Arbitrary Code Injection

Overview llama-stack is a Llama Stack Affected versions of this package are vulnerable to Arbitrary Code Injection due to using 'eval' on server there is a security risk, a potential code injection vulnerability. Remediation Upgrade llama-stack to version 0.1.5.1 or higher. References - GitHub...

9.8CVSS7.8AI score
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2025/03/12 12:0 a.m.5 views

The vulnerability of the recv_pyobj method in the Llama Stack framework, which is used for working with large language models (LLMs), allows a attacker to execute arbitrary code.

The vulnerability of the recvpyobj method in the Llama Stack framework for working with large language models is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code using a specially crafted JSON file...

6.5CVSS8.6AI score0.00886EPSS
Exploits1References6
Snyk
Snyk
added 2024/10/23 2:41 p.m.10 views

Deserialization of Untrusted Data

Overview llama-stack is a Llama Stack Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the use of pickle as a serialization format for socket communication. An attacker can execute arbitrary code by sending maliciously crafted data that is deserialized...

9.8CVSS7.8AI score0.00886EPSS
Exploits1References2
NVD
NVD
added 2024/10/23 2:15 p.m.36 views

CVE-2024-50050

Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead...

6.3CVSS0.00886EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/10/23 1:35 p.m.14 views

CVE-2024-50050

Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead...

7.7AI score0.00886EPSS
Exploits1References1
CVE
CVE
added 2024/10/23 1:35 p.m.74 views

CVE-2024-50050

CVE-2024-50050 affects the Llama Stack (Meta Llama Stack) prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005, where the Python Inference API used pickle over a socket/ZeroMQ transport for deserialization. This insecure pattern enables remote code execution (RCE) when untrusted data is des...

6.3CVSS7.8AI score0.00886EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/10/23 1:35 p.m.35 views

CVE-2024-50050

Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead...

0.00886EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/10/23 12:0 a.m.9 views

Llama Stack 安全漏洞

Llama Stack is a model component of the Llama Stack API open-sourced by Meta Llama. A security vulnerability exists in versions prior to Llama Stack 7a8aa775e5a267cf8660d83140011a0b7f91e005, which stems from the use of pickle as a serialization format for socket communication, and could allow...

6.3CVSS7.8AI score0.00886EPSS
Exploits1References1
Rows per page
Query Builder