AI description
CVE-2024-50050 is a deserialization vulnerability found in Meta's Llama-Stack, an open-source framework for developing and deploying Generative AI applications. This vulnerability allows attackers to remotely execute arbitrary code on servers running affected versions of Llama-Stack. The flaw exists within the `recv_pyobj` method, which uses the `pickle.loads` function to deserialize Python objects, creating an entry point for malicious code execution. Exploiting this vulnerability involves sending specially crafted data to the Llama-Stack server. When the server attempts to deserialize this malicious data, the embedded code is executed, potentially granting the attacker full control of the server. This could lead to data breaches, manipulation of AI models, and theft of server resources. The vulnerability affects the default Python inference server and does not impact partner integrations. Meta addressed the issue by replacing the pickle serialization format with JSON.
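The difference between the two receive paths described above, as an added example that is not Llama Stack's code: a JSON-only decoder with strict schema checks, and a static opcode scan for triaging captured frames without unpickling them. The schema, function names and sample frames are assumptions constructed for illustration.

```python
import json
import pickle
import pickletools

# Opcodes that import a callable or invoke one while a pickle is being loaded.
RISKY_OPS = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}
# Hypothetical request schema (not Llama Stack's): field name -> required type.
SCHEMA = {"request_id": str, "prompt": str, "max_tokens": int}

def pickle_risky_ops(raw: bytes) -> list:
    """Statically list risky opcodes in a captured frame; nothing is unpickled."""
    found = set()
    try:
        for op, _arg, _pos in pickletools.genops(raw):
            if op.name in RISKY_OPS:
                found.add(op.name)
    except Exception:
        pass  # not a pickle stream, or truncated: keep what was seen so far
    return sorted(found)

def decode_frame(raw: bytes) -> dict:
    """JSON-only receive path: parse, then enforce the schema exactly."""
    try:
        msg = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError("frame is not valid JSON") from exc
    if not isinstance(msg, dict) or set(msg) != set(SCHEMA):
        raise ValueError("unexpected message shape")
    for key, typ in SCHEMA.items():
        # bool is a subclass of int, so reject it explicitly
        if isinstance(msg[key], bool) or not isinstance(msg[key], typ):
            raise ValueError("bad type for " + key)
    return msg

# Constructed sample frames (not captured traffic).
JSON_FRAME = json.dumps({"request_id": "r-1", "prompt": "hi", "max_tokens": 16}).encode()
# A benign pickle of a complex number still needs a callable lookup plus REDUCE.
PICKLE_FRAME = pickle.dumps(complex(1, 2), protocol=4)

if __name__ == "__main__":
    print(decode_frame(JSON_FRAME))
    print(pickle_risky_ops(PICKLE_FRAME))
    try:
        decode_frame(PICKLE_FRAME)
    except ValueError as exc:
        print("rejected:", exc)
```

The JSON path can only ever produce dicts, lists, strings, numbers, booleans and null, so a frame that fails the schema is dropped before any application logic sees it.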
- Description
- Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead.
- Source
- cve-assign@fb.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 6.3
- Impact score
- 3.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
- Severity
- MEDIUM
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
Actively exploited CVE : CVE-2024-50050
@transilienceai
23 Feb 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-50050
@transilienceai
22 Feb 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-50050
@transilienceai
22 Feb 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-50050
@transilienceai
19 Feb 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Vulnerability in Meta's Llama framework exposes AI systems to remote code execution risks Meta's Llama large language model (LLM) CVE-2024-50050 https://t.co/5X7zHPsWOz… https://t.co/kx0lPAOysv
@doncaptador
17 Feb 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerability in Meta's Llama framework exposes AI systems to remote code execution risks Meta's Llama large language model (LLM) CVE-2024-50050 https://t.co/bW8bsXugHa https://t.co/spAvq3ROiT
@elhackernet
17 Feb 2025
2577 Impressions
11 Retweets
27 Likes
3 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-50050
@transilienceai
15 Feb 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-50050
@transilienceai
15 Feb 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-50050
@transilienceai
13 Feb 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Actively exploited CVE : CVE-2024-50050
@transilienceai
5 Feb 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
A vulnerability with the identifier CVE-2024-50050, of type RCE, has been published for the Llama-stack framework. Llama-stack is a framework that has been active since 2024 and is for programming with AI. The score of this vulnerability is 9.8. https://t.co/Poz3aKY03t https://t.co/81ummVqLug
@AmirHossein_sec
30 Jan 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical security flaw (CVE-2024-50050) found in Meta's Llama-Stack risks Generative AI apps. Affected by unsafe pyzmq use, patch released to upgrade to v0.0.41. ⚠️ #Meta #GenerativeAI #USA link: https://t.co/YRNWKZEWqS https://t.co/YbqNYNjGAc
@TweetThreatNews
27 Jan 2025
30 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Vulnerabilities in Meta's Llama Framework and Other AI Systems Highlight Growing Cybersecurity Challenges 🚨 Meta Llama Framework Vulnerability: CVE-2024-50050 Severity: CVSS: 6.3 (Meta) Critical: 9.3 (Snyk) Issue: Arbitrary code execution via deserialization of… ht
@GHak2learn27752
27 Jan 2025
82 Impressions
0 Retweets
2 Likes
1 Bookmark
1 Reply
1 Quote
The vulnerability, tracked as CVE-2024-50050, has been assigned a CVSS score of 6.3 out of 10.0. Supply chain security firm Snyk, on the other hand, has assigned it a critical severity rating of 9.3. https://t.co/oZw0a3Xs6z
@jbhall56
27 Jan 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-50050 impacts Meta's Llama Stack framework #CVE-2024-50050 #LlamaFramework #META https://t.co/IuZh6WnvPp
@pravin_karthik
27 Jan 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Cybersecurity continues to face challenges as AI technologies grow in complexity and integration. Recently, a critical security flaw (CVE-2024-50050) was identified in Meta’s Llama framework, a tool designed to support AI application development. Watch the video till the end to
@FORTBRIDGE
27 Jan 2025
47 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-23006 2 - CVE-2024-50050 3 - CVE-2024-43468 4 - CVE-2025-0282 5 - CVE-2025-21298 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
27 Jan 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A high-severity flaw has been identified in Meta's Llama framework that allows remote code execution through the deserialization of untrusted data. This vulnerability, catalogued as CVE-2024-50050, could be used to execute arbitrary code on…
@citarafy
26 Jan 2025
21 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Critical vulnerability in Meta's Llama stack. This vulnerability, which is tracked under CVE-2024-50050, is a possible arbitrary code execution on the server. https://t.co/M9bZmpcrXi #vulnerability #LLM #hacking
@revers3shell
26 Jan 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-50050: critical vulnerability in Meta Llama Stack Cybersecurity, update, CVE-2024-50050, exploit, Artificial Intelligence, LLM, Meta Llama Stack, open-source, pyzmq pickle, AI security, vulnerability https://t.co/2WWyRf24o9 https://t.co/95LQ4ktmII
@matricedigitale
26 Jan 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
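1/ 🚨 Serious security vulnerability found in Meta's Llama (LLaMA) framework! This vulnerability, tracked as CVE-2024-50050, has a CVSS score of 6.3 (some organizations rated it 9.3). An attacker can trigger arbitrary code execution (RCE) by having malicious data deserialized. 👉 Impact: remote code execution possible on the Llama Stack inference server https://t.co/TjfoCibHQv https://t.co/aQWpsrcIK8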
@zk_soulyong
26 Jan 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
META's Llama framework has a remote code execution security flaw. The flaw has the following reference: CVE-2024-50050. More details in the link below 👇 https://t.co/dAmZ6MbSvp
@_Nidouille_
26 Jan 2025
2265 Impressions
15 Retweets
28 Likes
9 Bookmarks
1 Reply
0 Quotes
CVE-2024-50050: Critical Vulnerability in meta-llama/#llama-stack by Meta - a popular #GenAI framework. The deserialization flaw allows remote attackers to execute arbitrary code, posing severe risks to AI model hosting, data integrity & system security: https://t.co/bY15s2h
@securestep9
26 Jan 2025
4204 Impressions
15 Retweets
37 Likes
7 Bookmarks
1 Reply
2 Quotes
CVE-2024-50050: Critical Security Flaw in Meta’s Llama-Stack Framework https://t.co/Mdzk9YmxxD
@Dinosn
26 Jan 2025
3079 Impressions
6 Retweets
26 Likes
4 Bookmarks
1 Reply
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-49138 2 - CVE-2024-43468 3 - CVE-2024-50050 4 - CVE-2025-20156 5 - CVE-2020-11023 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
26 Jan 2025
167 Impressions
1 Retweet
3 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2024-50050: Critical Security Flaw in Meta's Llama-Stack Framework Stay informed about the critical vulnerability in Meta's Llama-Stack. Learn how this flaw can lead to arbitrary code execution and severe risks to AI model hosting and system security. https://t.co/YQM3gTVhQE
@the_yellow_fall
26 Jan 2025
1607 Impressions
8 Retweets
29 Likes
8 Bookmarks
0 Replies
1 Quote
#exploit 1. CVE-2024-43451: Windows NTLMv2 0-day https://t.co/TgQztpU3HB 2. CVE-2024-50050: Vulnerability in meta-llama/llama-stack https://t.co/X1INA4cuA3
@ksg93rd
24 Jan 2025
213 Impressions
0 Retweets
5 Likes
2 Bookmarks
0 Replies
0 Quotes
#exploit 1. CVE-2024-43451: Windows NTLMv2 0-day https://t.co/sTsJBKmCqh 2. CVE-2024-50050: Vulnerability in meta-llama/llama-stack https://t.co/F3EHLdhuUv
@akaclandestine
24 Jan 2025
1570 Impressions
14 Retweets
34 Likes
12 Bookmarks
0 Replies
0 Quotes
🚨 Critical Vuln Discovered in Meta's Llama Stack (#CVE-2024-50050) Attackers can now execute arbitrary code on inference servers via unsafe data deserialization. Full details: https://t.co/zXtvzhm1iw #Cybersecurity #GenAI #InfoSec
@OligoSecurity
23 Jan 2025
252 Impressions
1 Retweet
5 Likes
0 Bookmarks
0 Replies
1 Quote
CVE-2024-50050 Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote… https://t.co/PlnSaUZ20c
@CVEnew
23 Oct 2024
328 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes