10 matches found
CVE-2024-49375
Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: 1. The HTTP API must be enabled on t...
Remote Code Execution (RCE)
Rasa is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper handling of maliciously crafted models in Rasa, which allows an attacker to load a model remotely into a Rasa instance if certain security configurations are not in place...
CVE-2024-49375
Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: 1. The HTTP API must be enabled on t...
CVE-2024-49375 Remote Code Execution via Remote Model Loading in Rasa
Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: 1. The HTTP API must be enabled on t...
CVE-2024-49375 Remote Code Execution via Remote Model Loading in Rasa
Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: 1. The HTTP API must be enabled on t...
askbob (>=0.0.3 <=0.0.4), botstudio-sdk (>=0.0.3 <=0.0.25) +15 more potentially affected by CVE-2024-49375 via rasa (>=1.10.0 <=3.6.20)
rasa PYPI version =1.10.0, =0.0.3, =0.0.3, =0.0.3a2, =0.23.5, =1.0.2, =0.1.0, =0.2.0, =1.0.3, =0.3.0, =0.0.1a1, =0.1.0, =0.1.0, =1.0.0, =1.1.2 and more Source cves: CVE-2024-49375 Source advisory: OSV:GHSA-CPV4-GGRR-7J9V...
Deserialization of Untrusted Data
Overview: rasa is an open source machine learning framework to automate text- and voice-based conversations: NLU, dialogue management, connect to Slack, Facebook, and more. Create chatbots and voice assistants. Affected versions of this package are vulnerable to Deserialization of Untrusted Data b...
Rasa Allows Remote Code Execution via Remote Model Loading
Vulnerability: A vulnerability has been identified in Rasa Pro and Rasa Open Source that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: - The HTTP API must be enabled on the...
PYSEC-2021-381
Rasa is an open source machine learning framework to automate text- and voice-based conversations. In affected versions, a vulnerability exists in the functionality that loads a trained model tar.gz file, which allows a malicious actor to craft a model.tar.gz file which can overwrite or replace bot...
askbob (>=0.0.3 <=0.0.4), pre-assistant (>=0.23.5 <=0.23.16) +9 more potentially affected by CVE-2021-41127 via rasa (>=1.10.0 <=2.2.9)
rasa PYPI version =1.10.0, =0.0.3, =0.23.5, =1.0.2, =0.1.0, =1.0.3, =0.3.0, =0.1.0, =0.1.0, =1.0.0, =0.0.2, =0.0.4 Source cves: CVE-2021-41127 Source advisory: OSV:PYSEC-2021-381...