{"data":{"id":"b714ba87-eaad-4da7-8ce3-e97a297fb34f","title":"CVE-2021-39207: parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affec","summary":"ParlAI, a framework for training AI models on dialogue datasets, has a vulnerability where it unsafely loads YAML files (a data format), allowing attackers to execute arbitrary code on affected systems. The vulnerability occurs because the framework uses an unsafe YAML loader that can be tricked into running malicious code hidden in data files.","solution":"Update ParlAI to version v1.1.0 or above. If upgrading is not possible, change the Loader to SafeLoader as a workaround. See commit 507d066ef432ea27d3e201da08009872a2f37725 for details.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-39207","publishedAt":"2021-09-10T23:15:07.343Z","cveId":"CVE-2021-39207","cweIds":["CWE-502"],"cvssScore":"8.4","cvssSeverity":"high","severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["ParlAI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.01351,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-586"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}