Lucene search

CVE-2024-3924 Code Injection in huggingface/text-generation-inference

🗓️ 30 May 2024 14:43:59Reported by @huntr_aiType

Code Injection in text-generation-inference repository, autodocs.yml file, allows arbitrary code execution via insecure github.head_ref handlin

Reporter	Title	Published	Views	Family All 6
OSV	CVE-2024-3924	30 May 202415:15	–	osv
OSV	GHSA-QQ99-P57R-G3V7 code injection vulnerability exists in the huggingface/text-generation-inference repository	2 Jun 202422:30	–	osv
NVD	CVE-2024-3924	30 May 202415:15	–	nvd
Vulnrichment	CVE-2024-3924 Code Injection in huggingface/text-generation-inference	30 May 202414:59	–	vulnrichment
Github Security Blog	code injection vulnerability exists in the huggingface/text-generation-inference repository	2 Jun 202422:30	–	github
CVE	CVE-2024-3924	30 May 202415:15	–	cve

[
  {
    "vendor": "huggingface",
    "product": "huggingface/text-generation-inference",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "2.0.0",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
huntr	www.huntr.com/bounties/8af92fc2-0103-4d29-bb28-c3893154c422
github	www.github.com/huggingface/text-generation-inference/commit/88702d876383f7200eccf67e28ba00500dc804bb

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

30 May 2024 14:59Current

5.3Medium risk

Vulners AI Score5.3

CVSS34.4

EPSS0.00043

CWE-94