Vulnerability	Vulnerable Version
H Deserialization of Untrusted Data nemo-toolkit is a NeMo - a toolkit for Conversational AI Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to the deserialization of untrusted data. An attacker can execute arbitrary code and tamper with data by providing specially crafted input that is deserialized without proper validation. How to fix Deserialization of Untrusted Data? Upgrade `nemo-toolkit` to version 2.3.2 or higher.	[,2.3.2)
H Directory Traversal nemo-toolkit is a NeMo - a toolkit for Conversational AI Affected versions of this package are vulnerable to Directory Traversal via the model loading process. An attacker can execute arbitrary code and tamper with data by supplying a `.nemo` file containing maliciously crafted metadata. How to fix Directory Traversal? Upgrade `nemo-toolkit` to version 2.3.2 or higher.	[,2.3.2)
L Directory Traversal nemo-toolkit is a NeMo - a toolkit for Conversational AI Affected versions of this package are vulnerable to Directory Traversal via `ASR WebApp`, in which the `../` characters may lead to deletion of any directory when admin privileges are available. How to fix Directory Traversal? Upgrade `nemo-toolkit` to version 1.6.0 or higher.	[0,1.6.0)

Go back to all versions of this package