Search criteria
13 vulnerabilities by Meta Platforms, Inc
CVE-2025-55178 (GCVE-0-2025-55178)
Vulnerability from cvelistv5 – Published: 2025-09-24 18:31 – Updated: 2025-09-24 18:50
VLAI?
Summary
Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolve_ast_by_type function which could potentially allow for remote code execution.
Severity ?
5.3 (Medium)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Meta Platforms, Inc | Llama Stack |
Affected:
0.0.0 , < 0.2.20
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-55178",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-24T18:49:33.013687Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T18:50:01.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Llama Stack",
"vendor": "Meta Platforms, Inc",
"versions": [
{
"lessThan": "0.2.20",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"dateAssigned": "2025-09-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolve_ast_by_type function which could potentially allow for remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-24T18:31:28.309Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "Meta"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-55178"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/llamastack/llama-stack/pull/3281"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/llamastack/llama-stack/releases/tag/v0.2.20"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "Meta",
"cveId": "CVE-2025-55178",
"datePublished": "2025-09-24T18:31:28.309Z",
"dateReserved": "2025-08-08T18:21:47.119Z",
"dateUpdated": "2025-09-24T18:50:01.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54952 (GCVE-0-2025-54952)
Vulnerability from cvelistv5 – Published: 2025-08-07 23:08 – Updated: 2025-08-08 14:11
VLAI?
Summary
An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 8f062d3f661e20bb19b24b767b9a9a46e8359f2b.
Severity ?
9.8 (Critical)
CWE
- Integer Overflow to Buffer Overflow (CWE-680)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Meta Platforms, Inc | ExecuTorch |
Affected:
0 , < https://github.com/pytorch/executorch/commit/8f062d3f661e20bb19b24b767b9a9a46e8359f2b
(git)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-54952",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-08T13:46:29.718407Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-680",
"description": "CWE-680 Integer Overflow to Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-08T14:11:22.140Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ExecuTorch",
"vendor": "Meta Platforms, Inc",
"versions": [
{
"lessThan": "https://github.com/pytorch/executorch/commit/8f062d3f661e20bb19b24b767b9a9a46e8359f2b",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"dateAssigned": "2025-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow vulnerability in the loading of ExecuTorch models can cause smaller-than-expected memory regions to be allocated, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 8f062d3f661e20bb19b24b767b9a9a46e8359f2b."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Integer Overflow to Buffer Overflow (CWE-680)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T23:08:39.186Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-54952"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pytorch/executorch/commit/8f062d3f661e20bb19b24b767b9a9a46e8359f2b"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2025-54952",
"datePublished": "2025-08-07T23:08:39.186Z",
"dateReserved": "2025-08-01T18:00:45.375Z",
"dateUpdated": "2025-08-08T14:11:22.140Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54951 (GCVE-0-2025-54951)
Vulnerability from cvelistv5 – Published: 2025-08-07 23:06 – Updated: 2025-08-12 14:20
VLAI?
Summary
A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit cea9b23aa8ff78aff92829a466da97461cc7930c.
Severity ?
9.8 (Critical)
CWE
- Heap-based Buffer Overflow (CWE-122)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Meta Platforms, Inc | ExecuTorch |
Affected:
0 , < https://github.com/pytorch/executorch/commit/cea9b23aa8ff78aff92829a466da97461cc7930c
(git)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-54951",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T14:20:19.866300Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T14:20:40.207Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ExecuTorch",
"vendor": "Meta Platforms, Inc",
"versions": [
{
"lessThan": "https://github.com/pytorch/executorch/commit/cea9b23aa8ff78aff92829a466da97461cc7930c",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"dateAssigned": "2025-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A group of related buffer overflow vulnerabilities in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit cea9b23aa8ff78aff92829a466da97461cc7930c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T23:06:02.059Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-54951"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pytorch/executorch/commit/cea9b23aa8ff78aff92829a466da97461cc7930c"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2025-54951",
"datePublished": "2025-08-07T23:06:02.059Z",
"dateReserved": "2025-08-01T18:00:45.375Z",
"dateUpdated": "2025-08-12T14:20:40.207Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54950 (GCVE-0-2025-54950)
Vulnerability from cvelistv5 – Published: 2025-08-07 23:03 – Updated: 2025-08-12 14:18
VLAI?
Summary
An out-of-bounds access vulnerability in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit b6b7a16df5e7852d976d8c34c8a7e9a1b6f7d005.
Severity ?
9.8 (Critical)
CWE
- Out-of-bounds Read (CWE-125)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Meta Platforms, Inc | ExecuTorch |
Affected:
0 , < https://github.com/pytorch/executorch/commit/b6b7a16df5e7852d976d8c34c8a7e9a1b6f7d005
(git)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-54950",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T14:13:35.299261Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T14:18:12.048Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ExecuTorch",
"vendor": "Meta Platforms, Inc",
"versions": [
{
"lessThan": "https://github.com/pytorch/executorch/commit/b6b7a16df5e7852d976d8c34c8a7e9a1b6f7d005",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"dateAssigned": "2025-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds access vulnerability in the loading of ExecuTorch models can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit b6b7a16df5e7852d976d8c34c8a7e9a1b6f7d005."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Out-of-bounds Read (CWE-125)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-08T17:18:07.441Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-54950"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pytorch/executorch/commit/b6b7a16df5e7852d976d8c34c8a7e9a1b6f7d005"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2025-54950",
"datePublished": "2025-08-07T23:03:03.775Z",
"dateReserved": "2025-08-01T18:00:45.375Z",
"dateUpdated": "2025-08-12T14:18:12.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-54949 (GCVE-0-2025-54949)
Vulnerability from cvelistv5 – Published: 2025-08-07 22:58 – Updated: 2025-08-12 14:13
VLAI?
Summary
A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit ede82493dae6d2d43f8c424e7be4721abe5242be
Severity ?
9.8 (Critical)
CWE
- Heap-based Buffer Overflow (CWE-122)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Meta Platforms, Inc | ExecuTorch |
Affected:
0 , < https://github.com/pytorch/executorch/commit/ede82493dae6d2d43f8c424e7be4721abe5242be
(git)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-54949",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T14:12:50.781841Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T14:13:11.044Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ExecuTorch",
"vendor": "Meta Platforms, Inc",
"versions": [
{
"lessThan": "https://github.com/pytorch/executorch/commit/ede82493dae6d2d43f8c424e7be4721abe5242be",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"dateAssigned": "2025-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap buffer overflow vulnerability in the loading of ExecuTorch models can potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit ede82493dae6d2d43f8c424e7be4721abe5242be"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T22:58:23.290Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-54949"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pytorch/executorch/commit/ede82493dae6d2d43f8c424e7be4721abe5242be"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2025-54949",
"datePublished": "2025-08-07T22:58:23.290Z",
"dateReserved": "2025-08-01T18:00:45.375Z",
"dateUpdated": "2025-08-12T14:13:11.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30405 (GCVE-0-2025-30405)
Vulnerability from cvelistv5 – Published: 2025-08-07 22:55 – Updated: 2025-08-12 14:12
VLAI?
Summary
An integer overflow vulnerability in the loading of ExecuTorch models can cause objects to be placed outside their allocated memory area, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 0830af8207240df8d7f35b984cdf8bc35d74fa73.
Severity ?
9.8 (Critical)
CWE
- Integer Overflow or Wraparound (CWE-190)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Meta Platforms, Inc | ExecuTorch |
Affected:
0 , < https://github.com/pytorch/executorch/commit/0830af8207240df8d7f35b984cdf8bc35d74fa73
(git)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-30405",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T14:11:41.922213Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T14:12:22.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ExecuTorch",
"vendor": "Meta Platforms, Inc",
"versions": [
{
"lessThan": "https://github.com/pytorch/executorch/commit/0830af8207240df8d7f35b984cdf8bc35d74fa73",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"dateAssigned": "2025-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow vulnerability in the loading of ExecuTorch models can cause objects to be placed outside their allocated memory area, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 0830af8207240df8d7f35b984cdf8bc35d74fa73."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Integer Overflow or Wraparound (CWE-190)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T22:55:40.262Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-30405"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pytorch/executorch/commit/0830af8207240df8d7f35b984cdf8bc35d74fa73"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2025-30405",
"datePublished": "2025-08-07T22:55:40.262Z",
"dateReserved": "2025-03-21T19:52:56.086Z",
"dateUpdated": "2025-08-12T14:12:22.703Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30404 (GCVE-0-2025-30404)
Vulnerability from cvelistv5 – Published: 2025-08-07 22:46 – Updated: 2025-08-12 14:11
VLAI?
Summary
An integer overflow vulnerability in the loading of ExecuTorch models can cause overlapping allocations, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit d158236b1dc84539c1b16843bc74054c9dcba006.
Severity ?
9.8 (Critical)
CWE
- Integer Overflow or Wraparound (CWE-190)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Meta Platforms, Inc | ExecuTorch |
Affected:
0 , < https://github.com/pytorch/executorch/commit/d158236b1dc84539c1b16843bc74054c9dcba006
(git)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-30404",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-12T14:10:48.253429Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-12T14:11:13.423Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ExecuTorch",
"vendor": "Meta Platforms, Inc",
"versions": [
{
"lessThan": "https://github.com/pytorch/executorch/commit/d158236b1dc84539c1b16843bc74054c9dcba006",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"dateAssigned": "2025-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow vulnerability in the loading of ExecuTorch models can cause overlapping allocations, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit d158236b1dc84539c1b16843bc74054c9dcba006."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Integer Overflow or Wraparound (CWE-190)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-07T22:46:57.161Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-30404"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pytorch/executorch/commit/d158236b1dc84539c1b16843bc74054c9dcba006"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2025-30404",
"datePublished": "2025-08-07T22:46:57.161Z",
"dateReserved": "2025-03-21T19:52:56.086Z",
"dateUpdated": "2025-08-12T14:11:13.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-30402 (GCVE-0-2025-30402)
Vulnerability from cvelistv5 – Published: 2025-07-11 17:39 – Updated: 2025-07-11 18:31
VLAI?
Summary
A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f
Severity ?
8.1 (High)
CWE
- Heap-based Buffer Overflow (CWE-122)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Meta Platforms, Inc | ExecuTorch |
Affected:
0 , < https://github.com/pytorch/executorch/commit/93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f
(git)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-30402",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T18:07:27.711547Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T18:31:13.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ExecuTorch",
"vendor": "Meta Platforms, Inc",
"versions": [
{
"lessThan": "https://github.com/pytorch/executorch/commit/93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"dateAssigned": "2025-05-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A heap-buffer-overflow vulnerability in the loading of ExecuTorch methods can cause the runtime to crash and potentially result in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-based Buffer Overflow (CWE-122)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T17:39:26.646Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-30402"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pytorch/executorch/commit/93b1a0c15f7eda49b2bc46b5b4c49557b4e9810f"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2025-30402",
"datePublished": "2025-07-11T17:39:26.646Z",
"dateReserved": "2025-03-21T19:52:56.084Z",
"dateUpdated": "2025-07-11T18:31:13.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27591 (GCVE-0-2025-27591)
Vulnerability from cvelistv5 – Published: 2025-03-11 18:29 – Updated: 2025-03-21 20:38
VLAI?
Summary
A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow.
Severity ?
6.8 (Medium)
CWE
- Incorrect Permission Assignment for Critical Resource (CWE-732)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Meta Platforms, Inc | below |
Affected:
0.0.0 , < 0.9.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-03-12T13:08:26.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/03/12/1"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-27591",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T20:37:38.689510Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T20:38:10.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "below",
"vendor": "Meta Platforms, Inc",
"versions": [
{
"lessThan": "0.9.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"dateAssigned": "2025-03-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A privilege escalation vulnerability existed in the Below service prior to v0.9.0 due to the creation of a world-writable directory at /var/log/below. This could have allowed local unprivileged users to escalate to root privileges through symlink attacks that manipulate files such as /etc/shadow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Incorrect Permission Assignment for Critical Resource (CWE-732)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T18:29:21.569Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2025-27591"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/facebookincubator/below/commit/da9382e6e3e332fd2c3195e22f34977f83f0f1f3"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2025-27591",
"datePublished": "2025-03-11T18:29:21.569Z",
"dateReserved": "2025-03-03T11:36:32.537Z",
"dateUpdated": "2025-03-21T20:38:10.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50050 (GCVE-0-2024-50050)
Vulnerability from cvelistv5 – Published: 2024-10-23 13:35 – Updated: 2024-10-24 18:26
VLAI?
Summary
Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead.
Severity ?
6.3 (Medium)
CWE
- Deserialization of Untrusted Data (CWE-502)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Meta Platforms, Inc | Llama Stack |
Affected:
0 , < 7a8aa775e5a267cf8660d83140011a0b7f91e005
(semver)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:meta_platforms_inc:llama_stack:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "llama_stack",
"vendor": "meta_platforms_inc",
"versions": [
{
"lessThan": "7a8aa775e5a267cf8660d83140011a0b7f91e005",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50050",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-24T18:04:11.237412Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T18:26:22.699Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Llama Stack",
"vendor": "Meta Platforms, Inc",
"versions": [
{
"lessThan": "7a8aa775e5a267cf8660d83140011a0b7f91e005",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"dateAssigned": "2024-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Deserialization of Untrusted Data (CWE-502)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T13:35:17.320Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2024-50050"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2024-50050",
"datePublished": "2024-10-23T13:35:17.320Z",
"dateReserved": "2024-10-21T15:18:52.624Z",
"dateUpdated": "2024-10-24T18:26:22.699Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-23347 (GCVE-0-2024-23347)
Vulnerability from cvelistv5 – Published: 2024-01-16 17:57 – Updated: 2025-06-20 17:54
VLAI?
Summary
Prior to v176, when opening a new project Meta Spark Studio would execute scripts defined inside of a package.json file included as part of that project. Those scripts would have the ability to execute arbitrary code on the system as the application.
Severity ?
7.8 (High)
CWE
- CWE-99 - Improper Control of Resource Identifiers ('Resource Injection')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Meta Platforms, Inc | Meta Spark Studio |
Affected:
0 , < 176
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:59:32.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.facebook.com/security/advisories/cve-2024-23347"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-23347",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-16T19:26:57.857642Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-20T17:54:46.578Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Meta Spark Studio",
"vendor": "Meta Platforms, Inc",
"versions": [
{
"lessThan": "176",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"dateAssigned": "2024-01-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Prior to v176, when opening a new project Meta Spark Studio would execute scripts defined inside of a package.json file included as part of that project. Those scripts would have the ability to execute arbitrary code on the system as the application."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-99: Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-16T17:57:20.308Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2024-23347"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2024-23347",
"datePublished": "2024-01-16T17:57:20.308Z",
"dateReserved": "2024-01-15T19:19:44.939Z",
"dateUpdated": "2025-06-20T17:54:46.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-30792 (GCVE-0-2023-30792)
Vulnerability from cvelistv5 – Published: 2023-04-29 02:21 – Updated: 2025-01-30 17:07
VLAI?
Summary
Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Meta Platforms, Inc | Lexical |
Affected:
0.0.0 , < 0.10.0
(semver)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/facebook/lexical/releases/tag/v0.10.0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-30792",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-30T17:07:16.995210Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-30T17:07:21.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Lexical",
"vendor": "Meta Platforms, Inc",
"versions": [
{
"lessThan": "0.10.0",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"dateAssigned": "2023-04-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-29T02:21:49.696Z",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/facebook/lexical/releases/tag/v0.10.0"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2023-30792",
"datePublished": "2023-04-29T02:21:49.696Z",
"dateReserved": "2023-04-17T13:42:08.187Z",
"dateUpdated": "2025-01-30T17:07:21.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24046 (GCVE-0-2021-24046)
Vulnerability from cvelistv5 – Published: 2022-01-14 18:10 – Updated: 2024-08-03 19:21
VLAI?
Summary
A logic flaw in Ray-Ban® Stories device software allowed some parameters like video capture duration limit to be modified through the Facebook View application. This issue affected versions of device software before 2107460.6810.0.
Severity ?
No CVSS data available.
CWE
- CWE-471 - Modification of Assumed-Immutable Data (MAID)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Meta Platforms, Inc | Ray-Ban® Stories Smart Glasses |
Unaffected:
2107460.6810.0 , < unspecified
(custom)
Affected: unspecified , < 2107460.6810.0 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:21:17.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.facebook.com/security/advisories/cve-2021-24046"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Ray-Ban\u00ae Stories Smart Glasses",
"vendor": "Meta Platforms, Inc",
"versions": [
{
"lessThan": "unspecified",
"status": "unaffected",
"version": "2107460.6810.0",
"versionType": "custom"
},
{
"lessThan": "2107460.6810.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2021-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A logic flaw in Ray-Ban\u00ae Stories device software allowed some parameters like video capture duration limit to be modified through the Facebook View application. This issue affected versions of device software before 2107460.6810.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-471",
"description": "CWE-471: Modification of Assumed-Immutable Data (MAID)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-14T18:10:09",
"orgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"shortName": "facebook"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.facebook.com/security/advisories/cve-2021-24046"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2021-12-06",
"ID": "CVE-2021-24046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Ray-Ban\u00ae Stories Smart Glasses",
"version": {
"version_data": [
{
"version_affected": "!\u003e=",
"version_value": "2107460.6810.0"
},
{
"version_affected": "\u003c",
"version_value": "2107460.6810.0"
}
]
}
}
]
},
"vendor_name": "Meta Platforms, Inc"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A logic flaw in Ray-Ban\u00ae Stories device software allowed some parameters like video capture duration limit to be modified through the Facebook View application. This issue affected versions of device software before 2107460.6810.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-471: Modification of Assumed-Immutable Data (MAID)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.facebook.com/security/advisories/cve-2021-24046",
"refsource": "CONFIRM",
"url": "https://www.facebook.com/security/advisories/cve-2021-24046"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "4fc57720-52fe-4431-a0fb-3d2c8747b827",
"assignerShortName": "facebook",
"cveId": "CVE-2021-24046",
"datePublished": "2022-01-14T18:10:10",
"dateReserved": "2021-01-13T00:00:00",
"dateUpdated": "2024-08-03T19:21:17.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}