RasaHQ/rasa-x-security-advisories

RasaHQ/rasa-x-security-advisories

GitHubGitHub
GitHubgithub.com
Releases0
Security Advisories for Rasa X
Log in to subscribe

CVE History

CVEPublishedCVSS v3CVSS v2
CVE-2021-42556
5.5 MEDIUM4.3 MEDIUM

Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within specific directories via a crafted archive file.