PyPi: Rasa

CVE-2021-41127

Safety vulnerability ID: 42810

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Oct 21, 2021 Updated at Apr 18, 2024

Advisory

Rasa 2.8.10 includes a fix for CVE-2021-41127: in affected versions, the code that loads a trained model `tar.gz` file allows a malicious actor to craft a `model.tar.gz` whose contents overwrite or replace bot files in the bot directory. Users unable to update should ensure that untrusted model files are not uploaded, and should restrict CLI or API endpoint access through which a malicious actor could target a deployed Rasa instance.
https://github.com/RasaHQ/rasa/pull/9852
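As an added illustration of the kind of check that closes this class of bug (my example, not code from the Rasa pull request above): a loader that refuses archive members whose resolved path leaves the extraction directory, or that are links, together with a constructed in-memory archive to exercise it. The deployment path and the file names are assumptions.

```python
import io
import os
import tarfile

def _is_within(base: str, target: str) -> bool:
    """True if target resolves to a location inside base."""
    base, target = os.path.realpath(base), os.path.realpath(target)
    return os.path.commonpath([base, target]) == base

def unsafe_members(archive: bytes, dest_dir: str) -> list:
    """Dry run: names of members that must not be extracted into dest_dir.
    Rejects paths that escape dest_dir ('../x', absolute names), symlinks and
    hardlinks (which could redirect a later write), and special files."""
    bad = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        for m in tar.getmembers():
            escapes = not _is_within(dest_dir, os.path.join(dest_dir, m.name))
            if escapes or m.issym() or m.islnk() or not (m.isfile() or m.isdir()):
                bad.append(m.name)
    return bad

def safe_extract_model(archive: bytes, dest_dir: str) -> list:
    """Extract only if every member passed the check; returns extracted names.
    (Python 3.12+ also offers tar.extractall(filter="data") with similar rules.)"""
    bad = unsafe_members(archive, dest_dir)
    if bad:
        raise ValueError(f"refusing model archive, unsafe members: {bad}")
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        members = tar.getmembers()
        tar.extractall(path=dest_dir, members=members)
    return [m.name for m in members]

def build_archive(files: dict, links: dict = None) -> bytes:
    """Constructed test fixture: build a tar.gz in memory from {name: bytes}
    plus optional {name: link_target} symlink members."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        for name, target in (links or {}).items():
            info = tarfile.TarInfo(name=name)
            info.type, info.linkname = tarfile.SYMTYPE, target
            tar.addfile(info)
    return buf.getvalue()
```

`unsafe_members` does not need the destination to exist, so it can run as a pre-flight check on an uploaded file before anything is written to disk.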

Affected package

rasa

Latest version: 3.6.20

Open source machine learning framework to automate text- and voice-based conversations: NLU, dialogue management, connect to Slack, Facebook, and more - Create chatbots and voice assistants

Affected versions

Fixed versions

Vulnerability changelog

- [6487](https://github.com/rasahq/rasa/issues/6487): Remove backwards compatibility code with Rasa Open Source 1.x, Rasa Enterprise 0.35, and other outdated
backwards compatibility code in `rasa.cli.x`, `rasa.core.utils`, `rasa.model_testing`, `rasa.model_training`
and `rasa.shared.core.events`.
- [8569](https://github.com/rasahq/rasa/issues/8569): Removed Python 3.6 support as [it reaches its end of life in December 2021](https://www.python.org/dev/peps/pep-0494/#lifespan).
- [8862](https://github.com/rasahq/rasa/issues/8862): Follow through on removing deprecation warnings for synchronous `EventBroker` methods.
- [8864](https://github.com/rasahq/rasa/issues/8864): Follow through on deprecation warnings for policies and policy ensembles.
- [8867](https://github.com/rasahq/rasa/issues/8867): Follow through on deprecation warnings for `rasa.shared.data`.
- [8868](https://github.com/rasahq/rasa/issues/8868): Follow through on deprecation warnings for the `Domain`. Most importantly this will
enforce the schema of the [`forms` section](forms.mdx) in the domain file.
This further includes the removal of the `UnfeaturizedSlot` type.
- [8869](https://github.com/rasahq/rasa/issues/8869): Remove deprecated `change_form_to` and `set_form_validation` methods from `DialogueStateTracker`.
- [8870](https://github.com/rasahq/rasa/issues/8870): Remove the support of Markdown training data format. This includes:
  - reading and writing of story files in Markdown format
  - reading and writing of NLU data in Markdown format
  - reading and writing of retrieval intent data in Markdown format
  - all the Markdown examples and tests that use Markdown
- [8871](https://github.com/rasahq/rasa/issues/8871): Removed automatic renaming of deprecated action
`action_deactivate_form` to `action_deactivate_loop`.
`action_deactivate_form` will just be treated like other
non-existing actions from now on.
- [8872](https://github.com/rasahq/rasa/issues/8872): Remove deprecated `sorted_intent_examples` method from `TrainingData`.
- [8873](https://github.com/rasahq/rasa/issues/8873): Raising `RasaException` instead of deprecation warning when using
`class_from_module_path` for loading types other than classes.
- [8874](https://github.com/rasahq/rasa/issues/8874): Specifying the `retrieve_events_from_previous_conversation_sessions` kwarg for any `TrackerStore` was deprecated and has now been removed.
Please use the `retrieve_full_tracker()` method instead.

Deserialization of pickled trackers was deprecated and has now been removed.
Rasa will perform any future save operations of trackers using json serialisation.

Removed catch for missing (deprecated) `session_date` when saving trackers in `DynamoTrackerStore`.
- [8879](https://github.com/rasahq/rasa/issues/8879): Removed the deprecated dialogue policy state featurizers: `BinarySingleStateFeature` and `LabelTokenizerSingleStateFeaturizer`.

Removed the deprecated method `encode_all_actions` of `SingleStateFeaturizer`. Use `encode_all_labels` instead.
- [8880](https://github.com/rasahq/rasa/issues/8880): Follow through with removing deprecated policies: `FormPolicy`, `MappingPolicy`, `FallbackPolicy`, `TwoStageFallbackPolicy`, and `SklearnPolicy`.

Remove warning about default value of `max_history` in MemoizationPolicy. The default value is now `None`.
- [8881](https://github.com/rasahq/rasa/issues/8881): Follow through on deprecation warnings and remove code, tests, and docs for `ConveRTTokenizer`, `LanguageModelTokenizer` and `HFTransformersNLP`.
- [8883](https://github.com/rasahq/rasa/issues/8883): `rasa.shared.nlu.training_data.message.Message` method `get_combined_intent_response_key` has been removed. `get_full_intent` should now be used in its place.
- [8974](https://github.com/rasahq/rasa/issues/8974): Intent IDs sent with events (to Kafka and elsewhere) have been removed; intent
names can be used instead (or, if numerical values are needed for backwards
compatibility, one can also hash the names to get the previous ID values, i.e.
`hash(intent_name)` gives the old ID value). Intent IDs have been removed because
they were providing no extra value and integers that large were problematic for
some event broker implementations.
- [9236](https://github.com/rasahq/rasa/issues/9236): Remove `loop` argument from `train` method in `rasa`.
This argument became redundant when Python 3.6 support was dropped as `asyncio.run` became available in Python 3.7.
- [9390](https://github.com/rasahq/rasa/issues/9390): Remove `template_variables` and `e2e` arguments from `get_stories` method of `TrainingDataImporter`.
This argument was used in Markdown data format and became redundant once Markdown was removed.
- [9399](https://github.com/rasahq/rasa/issues/9399): `weight_sparsity` has been removed. Developers should replace it with `connection_density` in the following way: `connection_density` = 1-`weight_sparsity`.

`softmax` is not available as a `loss_type` anymore.

The `linear_norm` option has been removed as possible value for `model_confidence`. Please, use `softmax` instead.

`minibatch` has been removed as a value for `tensorboard_log_level`, use `batch` instead.

Removed deprecation warnings related to the removed component config values.
- [9404](https://github.com/rasahq/rasa/issues/9404): Follow through on removing deprecation warnings raised in these modules:
  - `rasa/server.py`
  - `rasa/core/agent.py`
  - `rasa/core/actions/action.py`
  - `rasa/core/channels/mattermost.py`
  - `rasa/core/nlg/generator.py`
  - `rasa/nlu/registry.py`
- [9432](https://github.com/rasahq/rasa/issues/9432): Remove deprecation warnings associated with the `"number_additional_patterns"` parameter of
`rasa.nlu.featurizers.sparse_featurizer.regex_featurizer.RegexFeaturizer`.
This parameter is no longer needed for incremental training.

Remove deprecation warnings associated with the `"additional_vocabulary_size"` parameter of
`rasa.nlu.featurizers.sparse_featurizer.count_vectors_featurizer.CountVectorsFeaturizer`.
This parameter is no longer needed for incremental training.

Remove deprecated functions `training_states_actions_and_entities` and
`training_states_and_actions` from `rasa.core.featurizers.tracker_featurizers.TrackerFeaturizer`.
Use `training_states_labels_and_entities` and `training_states_and_labels` instead.
- [9455](https://github.com/rasahq/rasa/issues/9455): Follow through on deprecation warning for `NGramFeaturizer`
- [9598](https://github.com/rasahq/rasa/issues/9598): The CLI commands `rasa data convert config` and `rasa data convert responses` which
converted from the Rasa Open Source 1 to the Rasa Open Source 2 formats were removed.
Please use a Rasa Open Source 2 installation to convert your training data before
moving to Rasa Open Source 3.
- [9766](https://github.com/rasahq/rasa/issues/9766): `rasa.core.agent.Agent.visualize` was removed. Please use `rasa visualize` or
`rasa.core.visualize.visualize` instead.
- [9972](https://github.com/rasahq/rasa/issues/9972): Removed slot auto-fill functionality, making the key invalid to use in the domain file.
The `auto_fill` parameter was also removed from the constructor of the `Slot` class.
In order to continue filling slots with entities of the same name, you now have to define a `from_entity` mapping in the `slots` section of the domain.
To learn more about how to migrate your 2.0 assistant, please read the migration guide.

Features
- [10150](https://github.com/rasahq/rasa/issues/10150): Training data version upgraded from `2.0` to `3.0` due to breaking changes to format in Rasa Open Source 3.0
- [10170](https://github.com/rasahq/rasa/issues/10170): A new experimental feature called `Markers` has been added.
`Markers` allow you to define points of interest in conversations as a set of conditions that need to be met.
A new command `rasa evaluate markers` allows you to apply these conditions to your existing tracker stores
and outputs the points at which the conditions were satisfied.
- [9803](https://github.com/rasahq/rasa/issues/9803): Rasa Open Source now uses the [model configuration](model-configuration.mdx) to build a
[directed acyclic graph](https://en.wikipedia.org/wiki/Directed_acyclic_graph).
This graph describes the dependencies between the items in your model configuration and
how data flows between them. This has two major benefits:

- Rasa Open Source can use the computational graph to optimize the execution of your
model. Examples for this are efficient caching of training steps or executing
independent steps in parallel.
- Rasa Open Source can represent different model architectures flexibly. As long as the
graph remains acyclic Rasa Open Source can in theory pass any data to any graph
component based on the model configuration without having to tie the underlying
software architecture to the used model architecture.

This change requires updates to custom policies and custom NLU components. See the
documentation for a detailed
[migration guide](migration-guide.mdx#custom-policies-and-custom-components).
- [9972](https://github.com/rasahq/rasa/issues/9972): Added explicit mechanism for slot filling that allows slots to be set and/or updated throughout the conversation.
This mechanism is enabled by defining global slot mappings in the `slots` section of the domain file.

To support this new functionality, a new default action, `action_extract_slots`, was implemented. This action runs after each user turn and checks whether any slots can be filled with information extracted from the last user message, based on the defined slot mappings.

Since slot mappings were moved out of the `forms` section of the domain file, the form's `required_slots` was converted to a list of slot names.
To restrict certain mappings to a form, you can now use the `conditions` key in the mapping to define the applicable `active_loop`, like so:

```yaml
slots:
  location:
    type: text
    influence_conversation: false
    mappings:
    - type: from_entity
      entity: city
      conditions:
      - active_loop: booking_form
```

To learn more about how to migrate your 2.0 assistant, please read the migration guide.

Improvements
- [10189](https://github.com/rasahq/rasa/issues/10189): Updated the `/status` endpoint response payload, and relevant documentation, to return/reflect the updated 3.0 keys/values.
- [7619](https://github.com/rasahq/rasa/issues/7619): Bump TensorFlow version to 2.6.

This update brings some security benefits (see TensorFlow

Resources


Severity Details

CVSS Base Score

HIGH 7.1

CVSS v3 Details

HIGH 7.1
Attack Vector (AV)
LOCAL
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
REQUIRED
Scope (S)
UNCHANGED
Confidentiality Impact (C)
NONE
Integrity Impact (I)
HIGH
Availability Impact (A)
HIGH

CVSS v2 Details

MEDIUM 5.8
Access Vector (AV)
NETWORK
Access Complexity (AC)
MEDIUM
Authentication (Au)
NONE
Confidentiality Impact (C)
NONE
Integrity Impact (I)
PARTIAL
Availability Impact (A)
PARTIAL