Lucene search
+L

22 matches found

nvd
nvd
added last week8 views

CVE-2026-58198

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract uses a predictable home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern followed by tar.extractallpath=self.datapath, allowing a...

5.5CVSS0.00095EPSS
Exploits0References4
cvelist
cvelist
added last week30 views

CVE-2026-58198 ChatterBot: Symlink-Following Arbitrary Write via UbuntuCorpusTrainer

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract uses a predictable home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern followed by tar.extractallpath=self.datapath, allowing a...

5.5CVSS0.00095EPSS
Exploits0References4
euvd
euvd
added last week6 views

EUVD-2026-42685

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract uses a predictable home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern followed by tar.extractallpath=self.datapath, allowing a...

5.5CVSS5.9AI score0.00095EPSS
Exploits0References4
attackerkb
attackerkb
added last week7 views

CVE-2026-58198

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract uses a predictable home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern followed by tar.extractallpath=self.datapath, allowing a...

5.5CVSS5.9AI score0.00095EPSS
Exploits0References5Affected Software1
cve
cve
added last week14 views

CVE-2026-58198

ChatterBot (Python) vulnerability CVE-2026-58198: UbuntuCorpusTrainer.extract() uses a predictable home path (~/.ubuntu_data/ubuntu_dialogs) with a check-then-create pattern, then tar.extractall(path=self.data_path). An attacker who pre-places a symlink at that path can cause archived contents to...

5.5CVSS5.9AI score0.00095EPSS
Exploits0References4
osv
osv
added last week3 views

CVE-2026-58198 ChatterBot: Symlink-Following Arbitrary Write via UbuntuCorpusTrainer

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract uses a predictable home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern followed by tar.extractallpath=self.datapath, allowing a...

5.5CVSS6.1AI score0.00095EPSS
Exploits0References6
snyk
snyk
added 2026/06/19 10:8 p.m.8 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview ChatterBot is a ChatterBot is a machine learning, conversational dialog engine Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition via the extract function. An attacker can cause arbitrary files to be written to a directory of their choice ...

6.8CVSS5.9AI score0.00095EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/01/20 7:20 p.m.6 views

CVE-2026-23842

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust...

7.5CVSS5.4AI score0.00494EPSS
Exploits1References1
vulnersosv
vulnersosv
added 2026/01/20 6:36 p.m.4 views

chatterbot-voice (>=0.1.3 <=0.1.5), shynabot (=0.0.1) +1 more potentially affected by CVE-2026-23842 via chatterbot (>=0.6.3 <=1.0.4)

chatterbot PYPI version =0.6.3, =0.1.3, =0.1.5 - shynabot =0.0.1 - shynataskmanager =0.0.1 Source cves: CVE-2026-23842 Source advisory: OSV:GHSA-V4W8-49PV-MF72...

7.5CVSS5.4AI score0.00494EPSS
Exploits1
euvd
euvd
added 2026/01/20 6:36 p.m.6 views

EUVD-2026-3299

ChatterBot Vulnerable to Denial of Service via Database Connection Pool Exhaustion...

7.5CVSS5.4AI score0.00494EPSS
Exploits1References6
github
github
added 2026/01/20 6:36 p.m.12 views

ChatterBot Vulnerable to Denial of Service via Database Connection Pool Exhaustion

Summary ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust the underlying SQLAlchemy connection pool, resulting in persistent service...

7.5CVSS5.7AI score0.00494EPSS
Exploits1References7Affected Software1
osv
osv
added 2026/01/20 6:36 p.m.2 views

GHSA-V4W8-49PV-MF72 ChatterBot Vulnerable to Denial of Service via Database Connection Pool Exhaustion

Summary ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust the underlying SQLAlchemy connection pool, resulting in persistent service...

7.5CVSS5.7AI score0.00494EPSS
Exploits1References7
snyk
snyk
added 2026/01/19 7:48 p.m.2 views

Missing Release of Resource after Effective Lifetime

Overview ChatterBot is a ChatterBot is a machine learning, conversational dialog engine Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime via the getresponse function. An attacker can cause persistent service unavailability by making concurre...

8.7CVSS5.6AI score0.00494EPSS
Exploits1References2
vulnersosv
vulnersosv
added 2026/01/19 7:48 p.m.12 views

shynabot (=0.0.1), shynataskmanager (=0.0.1) potentially affected by CVE-2026-23842 via chatterbot (=1.0.4)

chatterbot PYPI version =1.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on chatterbot and may be impacted: - shynabot =0.0.1 - shynataskmanager =0.0.1 Source cves: CVE-2026-23842 Source advisory: SNYK:PYTHON-CHATTERBOT-15038747...

7.5CVSS5.8AI score0.00494EPSS
Exploits1
nvd
nvd
added 2026/01/19 7:16 p.m.6 views

CVE-2026-23842

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust...

7.5CVSS0.00494EPSS
Exploits1References5
cvelist
cvelist
added 2026/01/19 6:39 p.m.17 views

CVE-2026-23842 ChatterBot has Denial of Service via Database Connection Pool Exhaustion

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust...

7.5CVSS0.00494EPSS
Exploits1References5
attackerkb
attackerkb
added 2026/01/19 6:39 p.m.2 views

CVE-2026-23842

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust...

7.5CVSS5.3AI score0.00494EPSS
Exploits1References6Affected Software1
vulnrichment
vulnrichment
added 2026/01/19 6:39 p.m.1 views

CVE-2026-23842 ChatterBot has Denial of Service via Database Connection Pool Exhaustion

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust...

7.5CVSS5.4AI score0.00494EPSS
Exploits1References5
cve
cve
added 2026/01/19 6:39 p.m.31 views

CVE-2026-23842

Summary of CVE-2026-23842 (ChatterBot): Up to version 1.2.10, ChatterBot is vulnerable to denial-of-service caused by improper database session and SQLAlchemy connection pool management. Concurrent calls to get_response() can exhaust the SQLAlchemy QueuePool, leaving the service unresponsive and ...

7.5CVSS5.4AI score0.00494EPSS
Exploits1References5Affected Software1
osv
osv
added 2026/01/19 6:39 p.m.4 views

CVE-2026-23842 ChatterBot has Denial of Service via Database Connection Pool Exhaustion

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. ChatterBot versions up to 1.2.10 are vulnerable to a denial-of-service condition caused by improper database session and connection pool management. Concurrent invocations of the getresponse method can exhaust...

7.5CVSS5.5AI score0.00494EPSS
Exploits1References7
Rows per page
Query Builder