Decrypt LOL

Critical Vulnerability Identified in Meta's Llama Stack

🦙🔒 Critical vulnerability discovered in Meta’s Llama Stack framework. The Oligo research team identified CVE-2024-50050, a severe vulnerability in Meta’s open-source Llama Stack, which allows attackers to execute arbitrary code on the inference server via deserialization of untrusted data. This vulnerability received a critical CVSS score of 9.3 from Snyk and was promptly patched by Meta, which urged users to upgrade to version 0.0.41 or higher. The flaw stems from the default Python Inference API implementation, exposing systems to potential remote code execution if the ZeroMQ socket is accessible over the network. Meta has since improved documentation and security practices to mitigate similar risks in the future.
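To show why deserializing socket data is the risk here, the following added example (not code from Llama Stack or from the source article) inspects pickle streams without loading them and decodes requests as strict JSON instead. It assumes the deserializer involved is Python's pickle, which is what pyzmq's `recv_pyobj` uses; the request schema and sample frames are constructed for illustration.

```python
import json
import pickle
import pickletools
from collections import OrderedDict

# Opcodes that make the loader import a name or call it while loading.
CALL_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
                "NEWOBJ", "NEWOBJ_EX", "BUILD"}

# Hypothetical request schema; field names are assumptions, not Llama Stack's API.
SCHEMA = {"model": str, "prompt": str, "max_tokens": int}

# Constructed sample frames, as they might arrive on the socket.
JSON_FRAME = json.dumps({"model": "m", "prompt": "hi", "max_tokens": 16}).encode()
PLAIN_PICKLE = pickle.dumps({"a": 1})            # data only
OBJECT_PICKLE = pickle.dumps(OrderedDict(a=1))   # benign, but names a class to import and call


def pickle_call_opcodes(frame):
    """Return the import/call opcodes in a pickle stream without executing it."""
    return [op.name for op, _arg, _pos in pickletools.genops(frame)
            if op.name in CALL_OPCODES]


def decode_request(frame):
    """Decode one frame as strict JSON; the bytes are never handed to pickle."""
    if frame[:1] == b"\x80":  # PROTO opcode that starts a binary pickle
        raise ValueError("pickle frame rejected")
    try:
        obj = json.loads(frame.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError(f"not valid JSON: {exc}") from exc
    if not isinstance(obj, dict) or set(obj) != set(SCHEMA):
        raise ValueError("unexpected or missing fields")
    for key, typ in SCHEMA.items():
        # bool is a subclass of int, so reject it explicitly
        if isinstance(obj[key], bool) or not isinstance(obj[key], typ):
            raise ValueError(f"bad type for {key}")
    return obj


if __name__ == "__main__":
    print(pickle_call_opcodes(PLAIN_PICKLE))
    print(pickle_call_opcodes(OBJECT_PICKLE))
    print(decode_request(JSON_FRAME))
```

Any frame whose opcode list is non-empty tells the receiver which callable to import and invoke, which is why the sender of a pickle effectively chooses what code runs on load.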
