VYPR

Rasa

by Rasahq

pypi: rasa

Source repositories

CVEs (3)

  • CVE-2024-49375CriJan 14, 2025
    risk 0.52cvss 9.0epss 0.01

    Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: 1. The HTTP API…

  • CVE-2021-42556Oct 22, 2021
    risk 0.00cvss epss 0.01

    Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within specific directories via a crafted archive file.

  • CVE-2021-41127Oct 21, 2021
    risk 0.00cvss epss 0.01

    Rasa is an open source machine learning framework to automate text-and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model `tar.gz` file which allows a malicious actor to craft a `model.tar.gz` file which can…