How severe is CVE-2021-41127?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2021-41127?

This is classified as CWE-22, which is a common weakness in software security.

CVE-2021-41127

HIGH Year: 2021

CVSS v3 Score

7.1

High

CVSS v2 Score

5.8

Medium

Weakness Type

CWE-22

View all →

Vulnerability Description

Rasa is an open source machine learning framework to automate text-and voice-based conversations. In affected versions a vulnerability exists in the functionality that loads a trained model `tar.gz` file which allows a malicious actor to craft a `model.tar.gz` file which can overwrite or replace bot files in the bot directory. The vulnerability is fixed in Rasa 2.8.10. For users unable to update ensure that users do not upload untrusted model files, and restrict CLI or API endpoint access where a malicious actor could target a deployed Rasa instance.

CVE-2016-10330

HIGH

CVSS:7.1(High)

Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors.

CWE-222016

CVE-2016-6896

HIGH

CVSS:7.1(High)

Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read ...

CWE-222016

CVE-2017-15309

HIGH

CVSS:7.1(High)

Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious fi...

CWE-222017

CVE-2017-2706

HIGH

CVSS:7.1(High)

Mate 9 smartphones with software MHA-AL00AC00B125 have a directory traversal vulnerability in Push module. Since the system does not verify the file name during decompression, system directories are t...

CWE-222017

CVE-2017-5228

HIGH

CVSS:7.1(High)

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build o...

CWE-222017

CVE-2017-5229

HIGH

CVSS:7.1(High)

All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter extapi Clipboard.parse_dump() function. By using a specially-crafted...

CWE-222017

CVE-2021-41127

Vulnerability Description

Related Vulnerabilities

CVE-2016-10330

CVE-2016-6896

CVE-2017-15309

CVE-2017-2706

CVE-2017-5228

CVE-2017-5229