GHSA-x75h-m6jj-6cj2

Опубликовано: 24 сент. 2025

Источник: github

Github: Прошло ревью

CVSS3: 5.3

Описание

Llama Stack could potentially allow for remote code execution

Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolve_ast_by_type function which could potentially allow for remote code execution.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2025-55178
https://github.com/llamastack/llama-stack/pull/3281
https://github.com/llamastack/llama-stack/commit/efdb5558b8dcab4d141678bfed0a405e2f312b6f
https://github.com/llamastack/llama-stack/releases/tag/v0.2.20
https://www.facebook.com/security/advisories/cve-2025-55178

Пакеты

Наименование

llama-stack

pip

Затронутые версииВерсия исправления

< 0.2.20

0.2.20

EPSS

Процентиль: 36%

0.00151

Низкий

5.3 Medium

CVSS3

CVE ID

CVE-2025-55178

Дефекты

CWE-20

Связанные уязвимости

CVE-2025-55178

CVSS3: 5.3

nvd

5 месяцев назад

Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolve_ast_by_type function which could potentially allow for remote code execution.

EPSS

Процентиль: 36%

0.00151

Низкий

5.3 Medium

CVSS3

CVE ID

CVE-2025-55178

Дефекты

CWE-20