CVE-2024-50050 Information

Description

Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication potentially allowing for remote code execution. Socket communication has been changed to use JSON instead.

Reference

https://www.facebook.com/security/advisories/cve-2024-50050