Self Rag
Monthly
Unsafe deserialization in AkariAsai self-rag's `Indexer.deserialize_from` function exposes any deployment that processes externally supplied FAISS index files to potential arbitrary code execution. The vulnerability resides in `retrieval_lm/src/index.py` and is triggered when the `index_meta.faiss` argument is manipulated with a crafted payload - a classic CWE-502 pattern where Python's serialization routines (typically pickle) blindly instantiate attacker-controlled objects. A publicly available proof-of-concept exists per GitHub issue #105, elevating the practical risk beyond the moderate CVSS 4.0 score of 5.3. No active exploitation has been confirmed by CISA KEV, and the project maintainer had not formally responded to the disclosure at time of reporting.
Unsafe deserialization in AkariAsai self-rag's `Indexer.deserialize_from` function exposes any deployment that processes externally supplied FAISS index files to potential arbitrary code execution. The vulnerability resides in `retrieval_lm/src/index.py` and is triggered when the `index_meta.faiss` argument is manipulated with a crafted payload - a classic CWE-502 pattern where Python's serialization routines (typically pickle) blindly instantiate attacker-controlled objects. A publicly available proof-of-concept exists per GitHub issue #105, elevating the practical risk beyond the moderate CVSS 4.0 score of 5.3. No active exploitation has been confirmed by CISA KEV, and the project maintainer had not formally responded to the disclosure at time of reporting.