Vulnerability	Vulnerable Version
M Missing Authentication for Critical Function rasa-pro is a State-of-the-art open-core Conversational AI framework for Enterprises that natively leverages generative AI for effortless assistant development. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the voice connector APIs for `audiocodes_stream`, `genesys`, and `jambonz` connectors. An attacker can submit unauthorized voice data to the assistant, even if a token is configured in `credentials.yml`. How to fix Missing Authentication for Critical Function? Upgrade `rasa-pro` to version 3.9.20, 3.10.18, 3.11.7, 3.12.6 or higher.	[,3.9.20)[3.10.3,3.10.18)[3.11.0a1,3.11.7)[3.12.0rc1,3.12.6)
H Deserialization of Untrusted Data rasa-pro is a State-of-the-art open-core Conversational AI framework for Enterprises that natively leverages generative AI for effortless assistant development. Affected versions of this package are vulnerable to Deserialization of Untrusted Data by loading a maliciously crafted model into a Rasa instance. Note: After upgrading to the fixed version, users must retrain their models using the fixed version of Rasa Pro or Open Source. This is only exploitable if: HTTP API Enabled: The Rasa instance has the HTTP API enabled (e.g., using `--enable-api`). This is not the default configuration. Unauthenticated RCE: The user has not implemented authentication or other recommended security controls as outlined in Rasa's documentation. Authenticated RCE: The attacker possesses a valid authentication token or JWT to interact with the Rasa API. How to fix Deserialization of Untrusted Data? Upgrade `rasa-pro` to version 3.8.18, 3.9.16, 3.10.12 or higher.	[,3.8.18)[3.9.14,3.9.16)[3.10.3,3.10.12)

Missing Authentication for Critical Function

rasa-pro is a State-of-the-art open-core Conversational AI framework for Enterprises that natively leverages generative AI for effortless assistant development.

Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the voice connector APIs for audiocodes_stream, genesys, and jambonz connectors. An attacker can submit unauthorized voice data to the assistant, even if a token is configured in credentials.yml.

How to fix Missing Authentication for Critical Function?

Upgrade rasa-pro to version 3.9.20, 3.10.18, 3.11.7, 3.12.6 or higher.

[,3.9.20)[3.10.3,3.10.18)[3.11.0a1,3.11.7)[3.12.0rc1,3.12.6)

Deserialization of Untrusted Data

rasa-pro is a State-of-the-art open-core Conversational AI framework for Enterprises that natively leverages generative AI for effortless assistant development.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data by loading a maliciously crafted model into a Rasa instance.

Note: After upgrading to the fixed version, users must retrain their models using the fixed version of Rasa Pro or Open Source.

This is only exploitable if:

HTTP API Enabled: The Rasa instance has the HTTP API enabled (e.g., using --enable-api). This is not the default configuration.
Unauthenticated RCE: The user has not implemented authentication or other recommended security controls as outlined in Rasa's documentation.
Authenticated RCE: The attacker possesses a valid authentication token or JWT to interact with the Rasa API.

How to fix Deserialization of Untrusted Data?

Upgrade rasa-pro to version 3.8.18, 3.9.16, 3.10.12 or higher.

[,3.8.18)[3.9.14,3.9.16)[3.10.3,3.10.12)

Go back to all versions of this package