Rasa X before 0.42.4 allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within specific directories via a crafted archive file.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-10-22T18:36:14
Updated: 2024-08-04T03:38:49.338Z
Reserved: 2021-10-18T00:00:00
Link: CVE-2021-42556
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-10-22T19:15:08.063
Modified: 2024-11-21T06:27:48.177
Link: CVE-2021-42556
Redhat
No data.