3 matches found
CVE-2021-41127
Rasa is an open source machine learning framework to automate text-and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model tar.gz file which allows a malicious actor to craft a model.tar.gz file which can overwrite or replace bot...
askbob (>=0.0.3 <=0.0.4), pre-assistant (>=0.23.5 <=0.23.16) +9 more potentially affected by CVE-2021-41127 via rasa (>=1.10.0 <=2.2.9)
rasa PYPI version =1.10.0, =0.0.3, =0.23.5, =1.0.2, =0.1.0, =1.0.3, =0.3.0, =0.1.0, =0.1.0, =1.0.0, =0.0.2, =0.0.4 Source cves: CVE-2021-41127 Source advisory: OSV:PYSEC-2021-381...
CVE-2021-41127
CVE-2021-41127 affects Rasa open source framework. A vulnerability exists in the model-loading path for trained archives (model.tar.gz) that can be crafted to overwrite or replace bot files in the bot directory. Root cause: arbitrary file write via crafted model archives during load. Impact per s...