3 matches found
CVE-2021-39207
parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to YAML deserialization attack caused by unsafe loading which leads to Arbitary code execution. This security bug is patched by avoiding...
CVE-2021-39207
creationtimestamp| type| source ---|---|--- 2021-09-11 02:30:56+00:00| published-proof-of-concept| https://t.me/cibsecurity/28697...
CVE-2021-39207
ParlAI is affected by a YAML deserialization vulnerability due to unsafe loading, enabling arbitrary code execution. Affected versions require upgrading to v1.1.0 or later; as a workaround, switch the loader to SafeLoader. The issue is documented across multiple sources (e.g., commit 507d066..., ...