EPSS: 0.001 (Low), Percentile: 23.9%
rasa is vulnerable to arbitrary file write. A malicious user can cause arbitrary file writes within specific directories via a trained model that contains a crafted model.tar.gz file.
github.com/RasaHQ/rasa/commit/1b6b502f52d73b4f8cd1959ce724b8ad0eb33989
github.com/RasaHQ/rasa/commit/ffac4d9b91e7632534d356ebd9a64e8c4b04efe3
github.com/RasaHQ/rasa/pull/9852
github.com/RasaHQ/rasa/security/advisories/GHSA-4365-fhm5-qcrx