{"data":{"id":"3f0a284d-d02f-4b5b-a124-ba561cbe0a81","title":"CVE-2024-49375: Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a malicious model to achieve remote code execution.","summary":"A vulnerability in Rasa (an open source machine learning framework) allows an attacker to achieve RCE (remote code execution, where an attacker runs commands on a system they don't own) by loading a malicious model if the HTTP API is enabled and authentication is not properly configured. The vulnerability only affects instances where the HTTP API is explicitly enabled (not the default) and lacks proper security controls.","solution":"Upgrade to Rasa version 3.6.21 or later. Users unable to upgrade should require authentication on the HTTP API and give access only to trusted users, because anyone who can load a model into the instance can execute code on it.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-49375","publishedAt":"2025-01-14T19:15:31.813Z","cveId":"CVE-2024-49375","cweIds":["CWE-94","CWE-502"],"cvssScore":"9","cvssSeverity":"critical","severity":"critical","attackType":["model_poisoning"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Rasa"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.03288,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-242","CAPEC-586"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"model","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}