Hi every one, i need to know about Rasa vulnerabilities, are there any information about? thanks
Yes, Security vulnerabilities.
Depends on how it is hosted.
How do you plan to host it? In terms package vulnerability, there was a warning about requests but upgrading it should have solved it.
If you expose the rasa API, you can add a security token as part of the API request and keep the key as part of the credentials but It doesn’t support any auth mechanism out of the box. You have to secure the API yourself
Ok great, thanks so much for the information,
We have perimeter security controls, port filtering and authentication token, but we also want to know the tool well and if there was or is any vulnerability to implement the necessary controls.
Then i thank you again for your information and i ask this last question to finish, are not there any CVE related to some Rasa Stack version?
Not sure if it has been tested as such. Also depends If you are talking about the rasa platform, the team can help you with that.
for the open -source package, you can scan for code vulnerabilities, from our internal scan we haven’t found any issues with the python packages as such.
it is a whole different thing as you would deploy and host the bot at your end and securise it.