CVE-2024-50050

EUVD-2024-44595
Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
| --- | --- | --- | --- | --- | --- | --- |
| NIST | Primary | 6.3 MEDIUM | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
EPSS Score
Percentile: 86%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
| --- | --- | --- | --- |
| meta_platforms_inc | llama_stack | 𝑥 < 7a8aa775e5a267cf8660d83140011a0b7f91e005 | ADP |