CVE-2021-42556

Published
View on NVD ↗
CVSS v3
5.5
MEDIUM
CVSS v2
4.3
MEDIUM
Affected
1
PROJECT

Description

Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within specific directories via a crafted archive file.

RasaHQ/rasa-x-security-advisories
RasaHQ/rasa-x-security-advisories
Security Advisories for Rasa X
GitHubGitHub