Meta’s Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks
A high-severity security flaw in Meta’s Llama large language model framework allows attackers to execute arbitrary code on llama-stack inference servers. The vulnerability, CVE-2024-50050, arises from the use of pickle for serialization, which can lead to remote code execution if untrusted data is deserialized. Meta addressed the issue by switching to JSON format for socket communication.
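To show why the switch from pickle to JSON closes this class of bug, the added example below (not Meta's or llama-stack's code) feeds the same constructed bytes to a pickle-based receiver and to a JSON-based one that also validates the message shape. The `Probe` class, the function names and the `prompt`/`max_tokens` fields are assumptions made for this example, and the pickled callable is a harmless `sorted` call.

```python
import json
import pickle


class Probe:
    """Constructed sample: an object whose pickle names a callable to run on load."""

    def __reduce__(self):
        # Harmless stand-in: the sender picks the callable and its arguments.
        return (sorted, ([3, 1, 2],))


def recv_pickle(data: bytes):
    """The 'before': deserialize whatever bytes arrived with pickle."""
    return pickle.loads(data)  # runs the callable named inside the stream


# Hypothetical message schema (field names are assumptions for this example).
SCHEMA = {"prompt": str, "max_tokens": int}


def recv_json(data: bytes) -> dict:
    """The 'after': parse JSON, then accept only the expected fields and types."""
    try:
        msg = json.loads(data.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError("not a JSON message") from exc
    if not isinstance(msg, dict) or set(msg) != set(SCHEMA):
        raise ValueError("unexpected message shape")
    for key, typ in SCHEMA.items():
        # bool is a subclass of int, so reject it explicitly for integer fields.
        if not isinstance(msg[key], typ) or isinstance(msg[key], bool):
            raise ValueError(f"bad type for {key!r}")
    return msg


def demo() -> dict:
    crafted = pickle.dumps(Probe())  # constructed input
    out = {"pickle_result": recv_pickle(crafted)}
    try:
        recv_json(crafted)
        out["json_rejected_crafted"] = False
    except ValueError:
        out["json_rejected_crafted"] = True
    good = json.dumps({"prompt": "hi", "max_tokens": 16}).encode()
    out["json_result"] = recv_json(good)
    return out


if __name__ == "__main__":
    print(demo())
```

The pickle receiver returns the result of a call the sender chose, while the JSON receiver can only ever produce plain data and rejects anything outside the expected shape.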