GitHub Advisory Database: GHSA-V68G-WM8C-6X7J
History: Dec 20, 2023 - 6:30 p.m.

transformers has a Deserialization of Untrusted Data vulnerability

2023-12-20 18:30:32
CWE-502
GitHub Advisory Database
github.com
vulnerability
deserialization
untrusted data
github
repository
huggingface/transformers
software

CVSS3: 7.8
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 7.1
Confidence: High

EPSS: 0.001
Percentile: 23.3%

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.

Affected configurations

Vulners
Node: huggingface transformers, Range: <4.36.0

Vendor | Product | Version | CPE
huggingface | transformers | * | cpe:2.3:a:huggingface:transformers:*:*:*:*:*:*:*:*
