CVE-2024-50050

MEDIUM

Llama Stack <7a8aa775e5a267cf8660d83140011a0b7f91e005 - RCE

Title source: llm

Description

Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead.

Exploits (2)

gitlab WRITEUP

by sastraadiwiguna-purpleeliteteaming · poc

https://gitlab.com/sastraadiwiguna-purpleeliteteaming/llamastack-rce-deterministic-supply-chain-exploitation-hardening-framework-cve-2024-50050

View Code ZIP pw:eip

nomisec WRITEUP

by sastraadiwiguna-purpleeliteteaming · poc

https://github.com/sastraadiwiguna-purpleeliteteaming/LlamaStack-RCE-Deterministic-Supply-Chain-Exploitation-Hardening-Framework-CVE-2024-50050-

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://www.facebook.com/security/advisories/cve-2024-50050

Scores

CVSS v3 6.3

EPSS 0.0296

EPSS Percentile 86.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

Status published

Products (1)

Meta Platforms, Inc/Llama Stack < 7a8aa775e5a267cf8660d83140011a0b7f91e005

Published Oct 23, 2024

Tracked Since Feb 18, 2026