83 matches found
CVE-2024-3568
The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadrepocheckpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...
CVE-2024-3568
The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadrepocheckpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...
CVE-2024-3568 Arbitrary Code Execution via Deserialization in huggingface/transformers
The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadrepocheckpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...
CVE-2024-3568 Arbitrary Code Execution via Deserialization in huggingface/transformers
The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the loadrepocheckpoint function of the TFPreTrainedModel class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting...
Insecure Deserialization
huggingface transformers is vulnerable to Insecure Deserialization. The vulnerability is due to the ability to load arbitrary pickle files from other repos specified by the indexpath while parsing the remote config.json fille. An attacker can exploit this flaw to execute arbitrary code on the...
transformers has a Deserialization of Untrusted Data vulnerability
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...
GHSA-V68G-WM8C-6X7J transformers has a Deserialization of Untrusted Data vulnerability
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...
CVE-2023-7018
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...
CVE-2023-7018
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...
Deserialization of untrusted data
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...
PYSEC-2023-301
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...
PYSEC-2023-301
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...
PYSEC-2023-300
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...
PYSEC-2023-300
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...
CVE-2023-6730 Deserialization of Untrusted Data in huggingface/transformers
Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36...
PT-2023-32753
Name of the Vulnerable Software and Affected Versions huggingface/transformers versions prior to 4.36.0 Description The issue is related to the deserialization of untrusted data in the huggingface/transformers GitHub repository. Recommendations For versions prior to 4.36.0, update to version 4.36...
GHSA-282V-666C-3FVG transformers has Insecure Temporary File
Insecure Temporary File in GitHub repository huggingface/transformers 4.29.2 and prior. A fix is available at commit 80ca92470938bbcc348e2d9cf4734c7c25cb1c43 and has been released as part of version 4.30.0...
transformers has Insecure Temporary File
Insecure Temporary File in GitHub repository huggingface/transformers 4.29.2 and prior. A fix is available at commit 80ca92470938bbcc348e2d9cf4734c7c25cb1c43 and has been released as part of version 4.30.0...
CVE-2023-2800
Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0...
CVE-2023-2800
Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0...