Lucene search

[email protected]NVD:CVE-2023-7018

HistoryDec 20, 2023 - 5:15 p.m.

CVE-2023-7018

2023-12-2017:15:08

CWE-502

[email protected]

web.nvd.nist.gov

github

deserialization

vulnerability

huggingface/transformers

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

23.3%

JSON

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36.

Affected configurations

Nvd

Node

huggingfacetransformersRange<4.36.0

VendorProductVersionCPE
huggingfacetransformers*cpe:2.3:a:huggingface:transformers:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huggingface	transformers	*	cpe:2.3:a:huggingface:transformers::::::::

References

github.com/huggingface/transformers/commit/1d63b0ec361e7a38f1339385e8a5a855085532ce

huntr.com/bounties/e1a3e548-e53a-48df-b708-9ee62140963c

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

23.3%

JSON

Related for NVD:CVE-2023-7018

osv2 veracode1 cvelist1 github1 cve1 prion1