29 matches found
CVE-2021-24040
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0...
CVE-2021-39207
parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to YAML deserialization attack caused by unsafe loading which leads to Arbitary code execution. This security bug is patched by avoiding...
Malicious code in parlai-mturk-task-compiler (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 01524d470a8b7dd3d7f042e28bb40d9628cdf193eff995dabd67dc4ac1082156 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5215 Malicious code in parlai-mturk-task-compiler (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 01524d470a8b7dd3d7f042e28bb40d9628cdf193eff995dabd67dc4ac1082156 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in parlai-mephisto-task-compiler (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 09495931dcfc8a6bb66d0754c6551c12e6cbae08ea207828dcd98127c20c2360 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5214 Malicious code in parlai-mephisto-task-compiler (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 09495931dcfc8a6bb66d0754c6551c12e6cbae08ea207828dcd98127c20c2360 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Facebook ParlAI 1.0.0 Code Execution / Deserialization
Exploit Title: Facebook ParlAI 1.0.0 - Deserialization of Untrusted Data in parlai Date: 2021-09-11 Exploit Author: Abhiram V Vendor Homepage: https://parl.ai/ Software Link: https://github.com/facebookresearch/ParlAI Version: 1.1.0 Tested on: Linux CVE: CVE-2021-24040 References :...
parlai code issue vulnerability
parlai is used to train and evaluate AI models on a variety of publicly available conversational datasets. parlai suffers from a code issue vulnerability that stems from an insecure loading package that is vulnerable to YAML deserialization attacks in the affected version. An attacker could explo...
GHSA-MWGJ-7X7J-6966 Deserialization of Untrusted Data in ParlAI
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0...
Deserialization of Untrusted Data in ParlAI
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0...
GHSA-M87F-9FVV-2MGG Deserialization of Untrusted Data in parlai
Impact Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. Patches The issue can be patched by upgrading to v1.1.0 or later. It can also be patche...
Facebook ParlAI 1.0.0 - Deserialization of Untrusted Data in parlai
Exploit Title: Facebook ParlAI 1.0.0 - Deserialization of Untrusted Data in parlai Date: 2021-09-11 Exploit Author: Abhiram V Vendor Homepage: https://parl.ai/ Software Link: https://github.com/facebookresearch/ParlAI Version: 1.1.0 Tested on: Linux CVE: CVE-2021-24040 References :...
Facebook ParlAI 1.0.0 - Deserialization of Untrusted Data in parlai Vulnerability
Exploit Title: Facebook ParlAI 1.0.0 - Deserialization of Untrusted Data in parlai Exploit Author: Abhiram V Vendor Homepage: https://parl.ai/ Software Link: https://github.com/facebookresearch/ParlAI Version: 1.1.0 Tested on: Linux CVE: CVE-2021-24040 References :...
CVE-2021-39207
parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to YAML deserialization attack caused by unsafe loading which leads to Arbitary code execution. This security bug is patched by avoiding...
CVE-2021-39207
parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to YAML deserialization attack caused by unsafe loading which leads to Arbitary code execution. This security bug is patched by avoiding...
PYSEC-2021-334
parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to YAML deserialization attack caused by unsafe loading which leads to Arbitary code execution. This security bug is patched by avoiding...
PYSEC-2021-334
parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to YAML deserialization attack caused by unsafe loading which leads to Arbitary code execution. This security bug is patched by avoiding...
CVE-2021-39207 Deserialization of Untrusted Data in parlai
parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to YAML deserialization attack caused by unsafe loading which leads to Arbitary code execution. This security bug is patched by avoiding...
CVE-2021-39207
ParlAI is affected by a YAML deserialization vulnerability due to unsafe loading, enabling arbitrary code execution. Affected versions require upgrading to v1.1.0 or later; as a workaround, switch the loader to SafeLoader. The issue is documented across multiple sources (e.g., commit 507d066..., ...
CVE-2021-24040
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0...