Facebook Parlai vulnerabilities
2 known vulnerabilities affecting facebook/parlai.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2021-24040P2CRITICALCVSS 9.8PoCfixed in 1.1.0≥ unspecified, < 1.1.02021-09-10
CVE-2021-24040 [CRITICAL] CWE-502 CVE-2021-24040: Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML c
Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0.
ghsanvdosv
CVE-2021-39207P3HIGHCVSS 8.8fixed in 1.1.02021-09-10
CVE-2021-39207 [HIGH] CWE-502 CVE-2021-39207: parlai is a framework for training and evaluating AI models on a variety of openly available dialogu
parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to YAML deserialization attack caused by unsafe loading which leads to Arbitary code execution. This security bug is patched by avoiding unsafe loader users should update to version above v1.1.0
ghsanvd