rasa-pro@3.8.17 vulnerabilities

rasa-pro is a State-of-the-art open-core Conversational AI framework for Enterprises that natively leverages generative AI for effortless assistant development.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data by loading a maliciously crafted model into a Rasa instance.

Note: After upgrading to the fixed version, users must retrain their models using the fixed version of Rasa Pro or Open Source.

This is only exploitable if:

1. HTTP API Enabled: The Rasa instance has the HTTP API enabled (e.g., using --enable-api). This is not the default configuration.

2. Unauthenticated RCE: The user has not implemented authentication or other recommended security controls as outlined in Rasa's documentation.

3. Authenticated RCE: The attacker possesses a valid authentication token or JWT to interact with the Rasa API.

Upgrade rasa-pro to version 3.8.18, 3.9.16, 3.10.12 or higher.