GCVE - cpe:2.3:a:facebook:parlai:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:facebook:parlai:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Facebook (`c319c35a-3469-5baa-b3bd-8582d1206a92`)
Product	Parlai (`6600dad7-a5fb-5b4d-87ff-69ec30d70fb7`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/facebookresearch/parlai`	purl2cpe	2026-06-01 10:11:43.231225
`pkg:pypi/parlai`	purl2cpe	2026-06-01 10:11:43.231229

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-39207`	vulnerable	2026-06-03 14:45:08.607020	Deserialization of Untrusted Data in parlai HIGH (8.4) parlai is a framework for training and evaluating AI models on a variety of openly available dialogue datasets. In affected versions the package is vulnerable to YAML deserialization attack caused by unsafe loading which leads to Arbitary code execution. This security bug is patched by avoiding unsafe loader users should update to version above v1.1.0. If upgrading is not possible then users can change the Loader used to SafeLoader as a workaround. See commit 507d066ef432ea27d3e201da08009872a2f37725 for details. Published: 2021-09-10T22:20:09.000Z Updated: 2024-08-04T01:58:18.337Z Open on db.gcve.eu Reference links https://github.com/facebookresearch/ParlAI/security/advisories/GHSA-m87f-9fvv-2mgg https://github.com/facebookresearch/ParlAI/commit/4374fa2aba383db6526ab36e939eb1cf8ef99879 https://github.com/facebookresearch/ParlAI/commit/507d066ef432ea27d3e201da08009872a2f37725	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-24040`	vulnerable	2026-06-03 14:43:56.005405	Details available Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0. Published: 2021-09-10T22:10:10.000Z Updated: 2024-08-03T19:21:17.219Z Open on db.gcve.eu Reference links https://github.com/facebookresearch/ParlAI/releases/tag/v1.1.0 https://github.com/facebookresearch/ParlAI/security/advisories/GHSA-m87f-9fvv-2mgg http://packetstormsecurity.com/files/164136/Facebook-ParlAI-1.0.0-Code-Execution-Deserialization.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-24040`	not_vulnerable	2026-06-03 14:43:56.005360	Details available Due to use of unsafe YAML deserialization logic, an attacker with the ability to modify local YAML configuration files could provide malicious input, resulting in remote code execution or similar risks. This issue affects ParlAI prior to v1.1.0. Published: 2021-09-10T22:10:10.000Z Updated: 2024-08-03T19:21:17.219Z Open on db.gcve.eu Reference links https://github.com/facebookresearch/ParlAI/releases/tag/v1.1.0 https://github.com/facebookresearch/ParlAI/security/advisories/GHSA-m87f-9fvv-2mgg http://packetstormsecurity.com/files/164136/Facebook-ParlAI-1.0.0-Code-Execution-Deserialization.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.