Major Security Flaw Exposed in Meta's Llama Framework
A critical vulnerability (CVE-2024-50050) in Meta's Llama framework sparks alarm as it opens doors to remote code execution through unsafe Python object deserialization. The issue was rooted in the use of insecure 'pickle' format for serialization, affecting the Llama Stack component. Despite a CVSS score of 6.3, Snyk rated it a severe 9.3, leading Meta to swiftly patch the flaw in version 0.0.41 by switching to JSON serialization.
Jan 26