remote code execution

2+ articles

AI security Anthropic CVE-2024-50050 Llama framework Meta

Critical Vulnerability in Anthropic's MCP Inspector Sparks Urgent Security Update

A critical vulnerability in Anthropic's MCP Inspector, used for debugging AI models, allows code execution without authentication. Discover how to safeguard your systems and why this update is crucial for developers.

Jul 4

Critical Vulnerability in Anthropic's MCP Inspector Sparks Urgent Security Update

Major Security Flaw Exposed in Meta's Llama Framework

A critical vulnerability (CVE-2024-50050) in Meta's Llama framework sparks alarm as it opens doors to remote code execution through unsafe Python object deserialization. The issue was rooted in the use of insecure 'pickle' format for serialization, affecting the Llama Stack component. Despite a CVSS score of 6.3, Snyk rated it a severe 9.3, leading Meta to swiftly patch the flaw in version 0.0.41 by switching to JSON serialization.

Jan 26

Major Security Flaw Exposed in Meta's Llama Framework