Security vulnerabilities with known fixes in rasa image
Rasa version: 2.7.1
Rasa SDK version (if used & relevant): 2.7.0
Rasa X version (if used & relevant): Not relevant
Python version: 3.8.5
Operating system (windows, osx, …): Linux-5.10.25-linuxkit-x86_64-with-glibc2.29
These are the security vulnerabilities in the rasa/rasa:2.7.1-full image that have a known fix:
CVE | Package | Solution |
---|---|---|
CVE-2021-3580 | libhogweed5 | Upgrade to 3.5.1+really3.5.1-2ubuntu0.2 |
CVE-2020-24586 | linux-libc-dev | Upgrade to 5.4.0-77.86 |
CVE-2020-24587 | linux-libc-dev | Upgrade to 5.4.0-77.86 |
CVE-2020-24588 | linux-libc-dev | Upgrade to 5.4.0-77.86 |
CVE-2020-26139 | linux-libc-dev | Upgrade to 5.4.0-77.86 |
CVE-2020-26141 | linux-libc-dev | Upgrade to 5.4.0-77.86 |
CVE-2020-26145 | linux-libc-dev | Upgrade to 5.4.0-77.86 |
CVE-2020-26147 | linux-libc-dev | Upgrade to 5.4.0-77.86 |
CVE-2021-23133 | linux-libc-dev | Upgrade to 5.4.0-77.86 |
CVE-2021-23134 | linux-libc-dev | Upgrade to 5.4.0-77.86 |
CVE-2021-31829 | linux-libc-dev | Upgrade to 5.4.0-77.86 |
CVE-2021-32399 | linux-libc-dev | Upgrade to 5.4.0-77.86 |
CVE-2021-33034 | linux-libc-dev | Upgrade to 5.4.0-77.86 |
CVE-2021-3506 | linux-libc-dev | Upgrade to 5.4.0-77.86 |
CVE-2021-3609 | linux-libc-dev | Upgrade to 5.4.0-77.86 |
CVE-2019-18348 | python | Upgrade to python 3.8.10 |
NA | python | Upgrade to python 3.8.10 |
CVE-2021-23336 | python | Upgrade to python 3.8.10 |
These came from a customer and ideally should be fixed within 30 days.
Issue Analytics
- State:
- Created 2 years ago
- Comments:9 (9 by maintainers)
@hsm207 I spoke with a few people, we will upgrade the Rasa OSS version for 0.42. As long as the customer is okay with re-training their models, they can just upgrade when 0.42 is out (should be soon enough)

@mprazz great! thanks for doing this.