
Maliciously Crafted Model Archive Can Lead To Arbitrary File Write

High
rasa-jmac published GHSA-vp2h-j6px-56rc Oct 21, 2021

Package

Rasa X (Rasa X)

Affected versions

<0.42.4

Patched versions

0.42.4

Description

Impact

An Archive Extraction (Zip Slip) vulnerability in the functionality that allows a user to load a trained model archive in Rasa X 0.42.3 and older allows an attacker arbitrary write capability within specific directories using a maliciously crafted archive file.

Patches

The vulnerability is fixed in Rasa X 0.42.4.

Workarounds

Mitigating steps for vulnerable end users are to ensure that they do not upload untrusted model files, and restrict CLI or API endpoint access where a malicious actor could target a deployed Rasa instance.
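The check a model-loading path should perform before unpacking an uploaded archive, shown here as an added example that is not Rasa X's own code. It assumes the model archive is a gzip-compressed tar (Rasa model files are .tar.gz) and uses two constructed sample archives: one well-formed, and one containing a `../` member of the kind the Impact section describes. Every member name and link target is resolved against the destination directory and rejected if it would land anywhere else; the function and sample names are this example's own.

```python
from __future__ import annotations

import io
import os
import shutil
import tarfile
import tempfile


def is_within_directory(directory: str, target: str) -> bool:
    """True if `target` resolves to `directory` itself or a path beneath it."""
    real_dir = os.path.realpath(directory)
    real_target = os.path.realpath(target)
    return os.path.commonpath([real_dir, real_target]) == real_dir


def safe_extract(archive_bytes: bytes, dest_dir: str) -> list[str]:
    """Extract a tar.gz model archive into dest_dir, refusing path traversal.

    Each member is validated before it is written: a name that resolves
    outside dest_dir (via '..' segments or an absolute path) or a symlink /
    hard link whose target resolves outside dest_dir raises ValueError.
    Returns the names of the extracted members in archive order.
    """
    extracted: list[str] = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:gz") as tar:
        for member in tar.getmembers():
            member_path = os.path.join(dest_dir, member.name)
            if not is_within_directory(dest_dir, member_path):
                raise ValueError(
                    f"refusing to extract {member.name!r}: path escapes {dest_dir}"
                )
            if member.issym():
                # Symlink targets are relative to the member's own directory.
                link_path = os.path.join(os.path.dirname(member_path), member.linkname)
            elif member.islnk():
                # Hard link targets are relative to the archive root.
                link_path = os.path.join(dest_dir, member.linkname)
            else:
                link_path = None
            if link_path is not None and not is_within_directory(dest_dir, link_path):
                raise ValueError(
                    f"refusing to extract {member.name!r}: link target escapes {dest_dir}"
                )
            # Python 3.12+ ships a built-in "data" filter with equivalent checks;
            # use it as a second layer when available, but do not depend on it.
            if hasattr(tarfile, "data_filter"):
                tar.extract(member, dest_dir, filter="data")
            else:
                tar.extract(member, dest_dir)
            extracted.append(member.name)
    return extracted


def build_archive(entries: dict[str, bytes]) -> bytes:
    """Build an in-memory tar.gz from {member_name: content} (constructed data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in entries.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def try_extract(archive_bytes: bytes) -> tuple[bool, str]:
    """Extract into a throwaway directory; return (accepted, detail)."""
    dest = tempfile.mkdtemp(prefix="model-upload-")
    try:
        return True, ",".join(safe_extract(archive_bytes, dest))
    except ValueError as exc:
        return False, str(exc)
    finally:
        shutil.rmtree(dest, ignore_errors=True)


# Constructed sample archives (not real Rasa models): one well-formed, and one
# whose second member names a path outside the extraction directory.
BENIGN_ARCHIVE = build_archive({"metadata.json": b"{}", "nlu/model.pkl": b"\x80\x04"})
MALICIOUS_ARCHIVE = build_archive({"metadata.json": b"{}", "../../outside.txt": b"not a model"})


if __name__ == "__main__":
    for label, archive in [("benign", BENIGN_ARCHIVE), ("traversal", MALICIOUS_ARCHIVE)]:
        print(label, try_extract(archive))
```

The check resolves paths with `os.path.realpath` rather than comparing strings, so a member that would be written through a symlink created by an earlier member is also caught. On Python 3.12 and later the standard library's `data` extraction filter performs the same validation; the example uses it when present but keeps its own checks because older interpreters extract every member as named.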

For more information

If you have any questions or comments about this advisory:

Severity

High, 7.3 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: High
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

CVE ID

CVE-2021-42556

Weaknesses