7 matches found
Remote Code Execution (RCE)
Llama Stack is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper validation of parameters in the resolve_ast_by_type function, which allows an attacker to supply malicious input leading to arbitrary code execution...
Llama Stack could potentially allow for remote code execution
Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolve_ast_by_type function which could potentially allow for remote code execution...
Cross-site Scripting (XSS)
Overview: llama-stack is a Llama Stack. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the resolve_ast_by_type function. An attacker can modify application behavior or execute unauthorized actions by supplying unverified parameters. Details: Cross-site scripting or XSS...
CVE-2025-55178
Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolve_ast_by_type function which could potentially allow for remote code execution...
CVE-2025-55178
Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolve_ast_by_type function which could potentially allow for remote code execution...
CVE-2025-55178
Summary: Llama Stack versions prior to 0.2.20 are reported to be vulnerable to remote code execution due to unverified parameters accepted by the resolve_ast_by_type function. This root cause is consistently described across multiple sources (CVE-2025-55178 entries and related advisories). Affect...
Llama Stack Security Vulnerability
Llama Stack is a model component of the Llama Stack API open-sourced by Meta Llama. A security vulnerability exists in Llama Stack versions prior to v0.2.20. It stems from the resolve_ast_by_type function accepting unvalidated parameters, which could lead to remote code execution...