Safety vulnerability ID: 76361
The information on this page was manually curated by our Cybersecurity Intelligence Team.
A vulnerability has been identified in Rasa Pro and Rasa Open Source that enables an attacker who can load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are:

- The HTTP API must be enabled on the Rasa instance, e.g. with --enable-api. This is not the default configuration.
- For unauthenticated RCE to be exploitable, the user must not have configured any authentication or other security controls recommended in our documentation.
- For authenticated RCE, the attacker must possess a valid authentication token or JWT to interact with the Rasa API.
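To check which of these prerequisites a deployment meets, the following added example (not code from Rasa or from this advisory) classifies Rasa start commands by the `rasa run` flags `--enable-api`, `--auth-token` and `--jwt-secret`. It assumes the command line is the only place these options are set; controls outside it, such as a reverse proxy, are not visible to it, and the sample commands are constructed.

```python
import shlex

# Flags of `rasa run` that the classification relies on.
API_FLAG = "--enable-api"
AUTH_FLAGS = ("--auth-token", "--jwt-secret")


def _flag_values(argv):
    """Map each --flag to its value ('' when none follows), accepting
    both `--flag value` and `--flag=value`."""
    flags = {}
    for i, arg in enumerate(argv):
        if not arg.startswith("--"):
            continue
        name, sep, value = arg.partition("=")
        if not sep and i + 1 < len(argv) and not argv[i + 1].startswith("--"):
            value = argv[i + 1]
        flags[name] = value
    return flags


def classify(command_line):
    """Return which advisory precondition a Rasa start command meets."""
    argv = shlex.split(command_line)
    if not any(a == "rasa" or a.endswith("/rasa") for a in argv):
        return "not-rasa"
    flags = _flag_values(argv)
    if API_FLAG not in flags:
        return "api-disabled"
    # An auth flag with an empty value protects nothing.
    if any(flags.get(f) for f in AUTH_FLAGS):
        return "api-enabled-authenticated"
    return "api-enabled-unauthenticated"


# Constructed sample commands, e.g. as collected from unit or compose files.
SAMPLES = [
    "rasa run --port 5005",
    "rasa run --enable-api --port 5005",
    "/opt/venv/bin/rasa run --enable-api --auth-token=s3cr3t",
    "rasa run --enable-api --jwt-secret '' --cors '*'",
    "python -m http.server 8000",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(f"{classify(cmd):30} {cmd}")
```

A result of `api-enabled-authenticated` still matches the authenticated case above, so anyone holding a valid token or JWT remains within the advisory's scope.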
Latest version: 3.13.12
State-of-the-art open-core Conversational AI framework for Enterprises that natively leverages generative AI for effortless assistant development.