CVE-2024-50050

Summary

Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead.

Affected Software

VendorProductVersion RangeStatus
Meta Platforms, IncLlama Stack0 < 7a8aa775e5a267cf8660d83140011a0b7f91e005affected

Weaknesses

  • Deserialization of Untrusted Data (CWE-502)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References