llama-stack 0.0.39 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the llama-stack package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS) llama-stack is a Llama Stack Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `resolve_ast_by_type` function. An attacker can modify application behavior or execute unauthorized actions by supplying unverified parameters. How to fix Cross-site Scripting (XSS)? Upgrade `llama-stack` to version 0.2.20 or higher.	[,0.2.20)
C Arbitrary Code Injection llama-stack is a Llama Stack Affected versions of this package are vulnerable to Arbitrary Code Injection due to using 'eval' on server there is a security risk, a potential code injection vulnerability. How to fix Arbitrary Code Injection? Upgrade `llama-stack` to version 0.1.5.1 or higher.	[,0.1.5.1)
C Deserialization of Untrusted Data llama-stack is a Llama Stack Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the use of `pickle` as a serialization format for socket communication. An attacker can execute arbitrary code by sending maliciously crafted data that is deserialized. How to fix Deserialization of Untrusted Data? Upgrade `llama-stack` to version 0.0.41 or higher.	[,0.0.41)

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

llama-stack is a Llama Stack

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the resolve_ast_by_type function. An attacker can modify application behavior or execute unauthorized actions by supplying unverified parameters.

How to fix Cross-site Scripting (XSS)?

Upgrade llama-stack to version 0.2.20 or higher.

[,0.2.20)

Arbitrary Code Injection

llama-stack is a Llama Stack

Affected versions of this package are vulnerable to Arbitrary Code Injection due to using 'eval' on server there is a security risk, a potential code injection vulnerability.

How to fix Arbitrary Code Injection?

Upgrade llama-stack to version 0.1.5.1 or higher.

[,0.1.5.1)

Deserialization of Untrusted Data

llama-stack is a Llama Stack

Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the use of pickle as a serialization format for socket communication. An attacker can execute arbitrary code by sending maliciously crafted data that is deserialized.

How to fix Deserialization of Untrusted Data?

Upgrade llama-stack to version 0.0.41 or higher.

[,0.0.41)

llama-stack@0.0.39 vulnerabilities

Llama Stack

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically