PT-2021-23627 · Rasa · Rasa X

Rasa-Jmac · Published 2021-10-22 · Updated 2021-10-28 · CVE-2021-42556

CVSS v3.1: 5.5 Medium
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Rasa X versions prior to 0.42.4

Description: The issue allows Directory Traversal during archive extraction. In the functionality that allows a user to load a trained model archive, an attacker has arbitrary write capability within specific directories via a crafted archive file.

Recommendations: For versions prior to 0.42.4, update to version 0.42.4 or later to resolve the issue. As a temporary workaround, restrict the functionality that allows users to load trained model archives until the patch is applied, and do not load model archives from untrusted sources, since a crafted archive can exploit the Directory Traversal vulnerability.
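The defect class here is the classic "zip slip": an archive member named with `..` segments, an absolute path, or a link pointing outside the extraction root is written wherever its name resolves. The following is an added example, not Rasa's code, showing how an extraction routine validates every member against the destination directory before anything is written. It assumes the model archive is a tar file (the `tarfile` module; Rasa's on-disk model format is not described on this page) and builds its own constructed archives in memory to exercise both the benign and the traversal case.

```python
"""Hardened tar extraction: every member is checked against the destination
directory before extraction begins. Added example, not Rasa's own code."""
import io
import os
import tarfile
import tempfile


class UnsafeArchiveMember(ValueError):
    """Raised when an archive entry would land outside the extraction root."""


def _is_within(base: str, target: str) -> bool:
    # Resolve both paths (symlinks, '..', '.') and require target to sit under base.
    base = os.path.realpath(base)
    target = os.path.realpath(target)
    return os.path.commonpath([base, target]) == base


def check_members(tar: tarfile.TarFile, dest_dir: str) -> list:
    """Return the names of all members if they are safe; raise on the first unsafe one."""
    safe = []
    for member in tar.getmembers():
        name = member.name
        # Cheap syntactic rejection: absolute paths and any '..' component.
        if os.path.isabs(name) or ".." in name.split("/"):
            raise UnsafeArchiveMember(f"path escapes destination: {name!r}")
        target = os.path.join(dest_dir, name)
        # Semantic check: the resolved path must stay inside dest_dir.
        if not _is_within(dest_dir, target):
            raise UnsafeArchiveMember(f"path escapes destination: {name!r}")
        if member.issym():
            # Symlink targets are relative to the link's own directory.
            link_target = os.path.join(os.path.dirname(target), member.linkname)
            if not _is_within(dest_dir, link_target):
                raise UnsafeArchiveMember(f"symlink escapes destination: {name!r}")
        elif member.islnk():
            # Hard-link targets are relative to the archive root.
            if not _is_within(dest_dir, os.path.join(dest_dir, member.linkname)):
                raise UnsafeArchiveMember(f"hardlink escapes destination: {name!r}")
        elif not (member.isfile() or member.isdir()):
            # Devices, FIFOs and other special entries have no place in a model archive.
            raise UnsafeArchiveMember(f"unsupported member type: {name!r}")
        safe.append(name)
    return safe


def safe_extract(archive_bytes: bytes, dest_dir: str) -> list:
    """Validate all members first, then extract; returns the extracted member names."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        names = check_members(tar, dest_dir)
        tar.extractall(dest_dir)
    return names


def build_tar(entries: dict) -> bytes:
    """Constructed test fixture: build a gzip tar in memory from {member_name: text}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, content in entries.items():
            data = content.encode()
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def demo() -> dict:
    """Extract a benign archive and reject a traversal archive; report what happened."""
    results = {}
    with tempfile.TemporaryDirectory() as dest:
        # Constructed benign model archive: nested regular files only.
        benign = build_tar({"model/metadata.json": "{}", "model/core/weights.bin": "0000"})
        results["benign"] = safe_extract(benign, dest)
        # Constructed traversal archive: a member name that climbs out of dest.
        traversal = build_tar({"../outside.txt": "should never be written"})
        try:
            safe_extract(traversal, dest)
            results["traversal"] = "extracted"
        except UnsafeArchiveMember:
            results["traversal"] = "rejected"
        results["outside_written"] = os.path.exists(os.path.join(dest, "..", "outside.txt"))
    return results


if __name__ == "__main__":
    print(demo())
```

The check runs over the whole member list before `extractall` is called, so a bad entry late in the archive cannot leave a half-extracted model behind. On Python 3.12 and later the standard library offers the same protection natively via `tar.extractall(path, filter="data")` (PEP 706), which is the simpler choice where that interpreter version is available.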

Fix

Path traversal


Weakness Enumeration

Related Identifiers

CVE-2021-42556
GHSA-VP2H-J6PX-56RC

Affected Products

Rasa X