Homepage

llama-stack@0.0.63 vulnerabilities

Llama Stack

  • latest version

    0.3.4

  • latest non vulnerable version

    0.3.4

  • first published

    1 years ago

  • latest version published

    10 days ago

  • licenses detected

  • View llama-stack package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the llama-stack package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Cross-site Scripting (XSS)

    llama-stack is a Llama Stack

    Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the resolve_ast_by_type function. An attacker can modify application behavior or execute unauthorized actions by supplying unverified parameters.

    How to fix Cross-site Scripting (XSS)?

    Upgrade llama-stack to version 0.2.20 or higher.

    [,0.2.20)
    • C
    Arbitrary Code Injection

    llama-stack is a Llama Stack

    Affected versions of this package are vulnerable to Arbitrary Code Injection due to using 'eval' on server there is a security risk, a potential code injection vulnerability.

    How to fix Arbitrary Code Injection?

    Upgrade llama-stack to version 0.1.5.1 or higher.

    [,0.1.5.1)
    Go back to all versions of this package