📦

parlai

Vendor: facebook

Actively Exploited 0 CISA KEV List

PoC / Exploits 1 Code Available

Total RCEs 2 Remote Access

Total CVEs 2 Total Indexed

Avg. EPSS 18.80% Exploit Prob.

Latest CVE CVE-2021-39207 Sep 10

Security Vulnerability Index

Page 1 / 1

8.4 CVSS

CVE-2021-39207

RCE

parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to YAML deserialization attack caused by unsafe loading which leads to Arbitary code execution. This security bug is patched by avoiding unsafe loader users should update to version above v1.1.0. If upgrading is not possible then users can change the Loader used to SafeLoader as a workaround. See commit 507d066ef432ea27d3e201da08009872a2f37725 for details.

EPSS: 1.35%

Severity: HIGH

Sep 10, 2021

9.8 CVSS

CVE-2021-24040

RCE Exploit Found

Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0.

EPSS: 36.24%

Severity: CRITICAL

Sep 10, 2021

Displaying 2 of 2 Total Entries

Total 1 Sections