22 matches found
CVE-2026-58198
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract uses a predictable home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern followed by tar.extractallpath=self.datapath, allowing a...
CVE-2026-58198 ChatterBot: Symlink-Following Arbitrary Write via UbuntuCorpusTrainer
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract uses a predictable home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern followed by tar.extractallpath=self.datapath, allowing a...
EUVD-2026-42685
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract uses a predictable home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern followed by tar.extractallpath=self.datapath, allowing a...
CVE-2026-58198
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract uses a predictable home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern followed by tar.extractallpath=self.datapath, allowing a...
CVE-2026-58198
ChatterBot (Python) vulnerability CVE-2026-58198: UbuntuCorpusTrainer.extract() uses a predictable home path (~/.ubuntu_data/ubuntu_dialogs) with a check-then-create pattern, then tar.extractall(path=self.data_path). An attacker who pre-places a symlink at that path can cause archived contents to...
CVE-2026-58198 ChatterBot: Symlink-Following Arbitrary Write via UbuntuCorpusTrainer
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract uses a predictable home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern followed by tar.extractallpath=self.datapath, allowing a...
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview ChatterBot is a ChatterBot is a machine learning, conversational dialog engine Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition via the extract function. An attacker can cause arbitrary files to be written to a directory of their choice ...
CVE-2026-23842
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust...
chatterbot-voice (>=0.1.3 <=0.1.5), shynabot (=0.0.1) +1 more potentially affected by CVE-2026-23842 via chatterbot (>=0.6.3 <=1.0.4)
chatterbot PYPI version =0.6.3, =0.1.3, =0.1.5 - shynabot =0.0.1 - shynataskmanager =0.0.1 Source cves: CVE-2026-23842 Source advisory: OSV:GHSA-V4W8-49PV-MF72...
EUVD-2026-3299
ChatterBot Vulnerable to Denial of Service via Database Connection Pool Exhaustion...
ChatterBot Vulnerable to Denial of Service via Database Connection Pool Exhaustion
Summary ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust the underlying SQLAlchemy connection pool, resulting in persistent service...
GHSA-V4W8-49PV-MF72 ChatterBot Vulnerable to Denial of Service via Database Connection Pool Exhaustion
Summary ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust the underlying SQLAlchemy connection pool, resulting in persistent service...
Missing Release of Resource after Effective Lifetime
Overview ChatterBot is a ChatterBot is a machine learning, conversational dialog engine Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime via the getresponse function. An attacker can cause persistent service unavailability by making concurre...
shynabot (=0.0.1), shynataskmanager (=0.0.1) potentially affected by CVE-2026-23842 via chatterbot (=1.0.4)
chatterbot PYPI version =1.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on chatterbot and may be impacted: - shynabot =0.0.1 - shynataskmanager =0.0.1 Source cves: CVE-2026-23842 Source advisory: SNYK:PYTHON-CHATTERBOT-15038747...
CVE-2026-23842
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust...
CVE-2026-23842 ChatterBot has Denial of Service via Database Connection Pool Exhaustion
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust...
CVE-2026-23842
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust...
CVE-2026-23842 ChatterBot has Denial of Service via Database Connection Pool Exhaustion
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust...
CVE-2026-23842
Summary of CVE-2026-23842 (ChatterBot): Up to version 1.2.10, ChatterBot is vulnerable to denial-of-service caused by improper database session and SQLAlchemy connection pool management. Concurrent calls to get_response() can exhaust the SQLAlchemy QueuePool, leaving the service unresponsive and ...
CVE-2026-23842 ChatterBot has Denial of Service via Database Connection Pool Exhaustion
ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust...